BAS/EAL4+ software bundle

Edit online

When the BAS/EAL4+ option is selected, the contents of the /usr/sys/inst.data/sys_bundles/CC_EVAL.BOS.autoi installation bundle are installed.

You can optionally select to install the graphics software bundle and the documentation services software bundle with the BAS/EAL4+ option selected. If you select the Graphics Software option with the BAS/EAL4+ option, the contents of the /usr/sys/inst.data/sys_bundles/CC_EVAL.Graphics.bnd software bundle are installed. If you select the Documentation Services Software option with the BAS/EAL4+ option, the contents of the /usr/sys/inst.data/sys_bundles/CC_EVAL.DocServices.bnd software bundle are installed.

After the Licensed Program Products (LPPs) is installed, the system changes the default configuration to comply with the BAS/EAL4+ requirements. The following changes are made to the default configuration:
  • Remove /dev/echo from the /etc/pse.conf file.
  • Instantiate streams devices.
  • Allow only root to access removable media.
  • Remove non-CC entries from the inetd.conf file.
  • Change various file permissions.
  • Register symbolic links in the sysck.cfg file.
  • Register devices in the sysck.cfg file.
  • Set default user and port attributes.
  • Configure the doc_search application for browser use.
  • Remove httpdlite from the inittab file.
  • Remove writesrv from the inittab file.
  • Remove mkatmpvc from the inittab file.
  • Remove atmsvcd from the inittab file.
  • Disable snmpd in the /etc/rc.tcpip file.
  • Disable hostmibd in the /etc/rc.tcpip file.
  • Disable snmpmibd in the /etc/rc.tcpip file.
  • Disable aixmibd in the /etc/rc.tcpip file.
  • Disable muxatmd in the /etc/rc.tcpip file.
  • NFS port (2049) is a privileged port.
  • Add missing events to the /etc/security/audit/events file.
  • Ensure that the loopback interface is running.
  • Create synonyms for /dev/console.
  • Enforce default X-server connection permissions.
  • Change the /var/docsearch directory so that all files are world-readable.
  • Add Object Data Manager (ODM) stanzas to set the console permissions.
  • Set permissions on BSD-style ptys to 000.
  • Disable .netrc files.
  • Add patch directory processing.