UNIX Security Service Level Agreement In response to increased computer security concerns, the CIS UNIX Group is now offering a "Security Service Level Agreement" for UNIX and Linux based systems. This is intended as a less expensive alternative to the traditional "Fully Managed" Service Level Agreement and is particularly suited for those individuals or groups planning to manage their own machines but wishing to take advantage of the UNIX Group's security expertise and automated security checking infrastructure. The service includes: 1) Installation of security software. TCP Wrappers, portmap or rpcbind, SSH/OpenSSH 2) System monitoring and follow-up Daily system scans to monitor changes in configuration files (i.e. passwd, group, .rhosts, hosts.equiv, inetd), changes in system file permissions, changes in network services (e.g. did the web server die). This monitoring will prevent against someone unintentionally allowing root access due to configuration changes. More importantly, this type of monitoring allows for deeper and more accurate checks than is possible with the CPPM network based scanning. 3) Security Patches Installation of security patches and workarounds in response to CERT and CIAC security bulletins. This is usually done in advance of notification by the LBNL CPPM. 4) Passwd Checks Systems are regularly checked for weak or crackable passwords to guard against hackers who could run dictionary attacks on your password file. 5) CPPM Compliance Implementation of security measures in advance or in response to security policy mandated by the LBNL Computer Protection Program Manager. This will guarantee that your system will never be blocked from access the network as the result of non-compliance with CPPM required updates. 6) Rates The "basic rate" is $95/machine per month, with discounts for existing software farm customers and/or for multiple machines. There may be a time and materials charge to cover initial effort for bringing the system into compliance. 7) Guarantee UNIX Security SLA will include the rebuilding of the core operating system (up to 8 hours labor) due to a security compromise. 8) Exclusions Maintenance of the hardware, operating system, backups, software farm access are not included in the UNIX Security SLA. Operating system upgrades are handled on a t&m basis. Security incidents that can be attributed to user misuse of root access are not covered by the guarantee. CONTACT INFORMATION: To inquire or set up an Security SLA, please email Gary Jung at GMJung@lbl.gov For more detailed technical information, particularly on the automated monitoring system, contact Partha Banerjee at psb@western-cwm.lbl.gov