REGARDING SOURCE CODE REVIEW:

Comelec has already approved CenPEG's request to do a source code review, and at present, we are in the process of writing down the specifics of our request, and specifics of Comelec's approval.
We have asked Comelec for the following:

1. That the source code of the PCOS program (SAES-1800 election application) and the CCS canvassing program (REIS v2.0) be supplied to us in softcopy format. The industry-standard manner of distributing source code as "configure-make" packages in tar.gz format will be ideal.

2. Although we have not requested this, the design documents (Rational-Rose diagrams or their equivalent, if any) that specify exactly what the programs should be doing will help greatly in our review. Please understand that source code review is not easy, and you (Comelec) will need to supply these documents anyway to your own panel of technical experts who will do the source code review for Comelec. Either softcopy design documentation or printouts will be satisfactory.

3. Application programming interface (API) documentation for any third party libraries that might have been used in writing the programs. If the third party library does not have API documentation, then the manual pages of the API functions will be satisfactory. Softcopy is preferable to printouts, so that the reviewers can have the documentation online as they do the review. If the third party library is open-source, with documentation available on the Net, the URL to the documentation will work just as fine for us.

If we missed something here, please tell us so that we can include it.

REGARDING LINUX SYSTEM ADMIN SETTINGS OF THE ELECTION COMPUTERS:

I am preparing a list, and so far, here is what I came up with:

a. Who the users are, and who knows their passwords (Smartmatic? Comelec? BEI tech person?). Who knows the password of the root user? Can any user log in from remote? Please print out the contents of the files /etc/passwd and /etc/securetty for PCOS and CCS.

b. Do the PCOS election program and the CCS canvassing program implement 100% logging of all their activities? Please print out the contents of /etc/syslog.conf and a listing of all the files in the directory /var/log and subdirectories thereof, especially /var/log/httpd.

c. What services are running while the election programs are running? Are all of these services necessary? Which ones can be removed without compromising the proper functioning of the PCOS and CCS computers? Please print the output of the command "ps ax" for both PCOS and CCS computers. Please print the output of the command "runlevel". Please print the contents of the directories /etc/rc*.d

d. Do the PCOS and CCS computers implement Security-Enhanced Linux (SELinux)? Please print out the SELinux settings.

e. The computer can be accessed through what ports? Please print the listing of open ports (System > Administration > Network Tools > Port Scan > [Enter IP address] > Scan). Can any of these ports be closed to reduce the possibility of unauthorized break-in?

I know that this is INCOMPLETE, so your help in completing this list will be appreciated. Thank you.

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
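An added example, not part of the original message: once the printouts for items (a) and (c) are in hand, a reviewer can reduce them to the answers the questions ask for. The functions below assume the files were copied under a directory passed as the first argument; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: review items (a) and (c) against a copy of a machine's /etc.
# $1 is always the directory holding that copy (an assumption of this sketch).

# (a) Accounts that can get an interactive shell; an empty shell field means /bin/sh.
login_accounts() {
    awk -F: '$7 !~ /(nologin|false|sync|shutdown|halt)$/ { print $1 }' "$1/etc/passwd"
}

# (a) Every UID 0 account is root-equivalent, whatever it is called.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1/etc/passwd"
}

# (a) Terminals where root may log in directly. No file at all means any terminal;
# pts/* entries are pseudo-terminals, as used by telnet-style network logins.
# sshd is governed by its own configuration, not by this file.
root_terminals() {
    if [ ! -f "$1/etc/securetty" ]; then echo "ANY (no securetty file)"; return 0; fi
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1/etc/securetty" || true
}

# (c) Services started in runlevel $2, read from the S?? links in rc$2.d.
enabled_services() {
    ls "$1/etc/rc$2.d" 2>/dev/null | sed -n 's/^S[0-9][0-9]//p'
}

# Constructed sample tree, not data from any real PCOS or CCS machine.
make_sample() {
    mkdir -p "$1/etc/rc3.d"
    cat > "$1/etc/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
operator1:x:500:500::/home/operator1:/bin/bash
maint:x:0:0:maintenance:/root:/bin/sh
EOF
    printf '# local consoles\ntty1\npts/0\n' > "$1/etc/securetty"
    touch "$1/etc/rc3.d/S10network" "$1/etc/rc3.d/S85httpd" "$1/etc/rc3.d/K20nfs"
}

demo() {
    d=$(mktemp -d) && make_sample "$d"
    echo "login accounts: $(login_accounts "$d" | tr '\n' ' ')"
    echo "uid 0 accounts: $(uid0_accounts "$d" | tr '\n' ' ')"
    echo "root terminals: $(root_terminals "$d" | tr '\n' ' ')"
    echo "runlevel 3 services: $(enabled_services "$d" 3 | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

In the constructed sample, the second UID 0 account ("maint") and the pts/0 entry are the findings a reviewer would raise under item (a), and httpd is the service to question under item (c).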

