Ensure Red Hat GPG Key Installed To ensure the system can cryptographically verify that base software packages come from Red Hat (and to connect to the Red Hat Network to receive them), the Red Hat GPG key must be properly installed. To install the Red Hat GPG key, run: '$ sudo rhn_register' If the system is not connected to the Internet or an RHN Satellite, then install the Red Hat GPG key from tru ...

Set Boot Loader Password The grub2 boot loader should have a superuser account and password protection enabled to protect boot-time settings. To do so, select a superuser account and password and add them into the appropriate grub2 configuration file(s) under '/etc/grub.d'. Since plaintext passwords are a security risk, generate a hash for the password by running the following command: '$ grub2-m ...

Ensure /var Located On Separate Partition The '/var' directory is used by daemons and other system services to store frequently-changing data. Ensure that '/var' has its own partition or logical volume at installation time, or migrate it using LVM.

Deactivate Wireless Network Interfaces Deactivating wireless network interfaces should prevent normal usage of the wireless capability. First, identify the interfaces available with the command: '$ ifconfig -a' Additionally, the following command may be used to determine whether wireless support is included for a particular interface, though this may not always be a clear indicator: '$ iwconfig' ...

Ensure that Root's Path Does Not Include Relative Paths or Null Directories Ensure that none of the directories in root's path is equal to a single '.' character, or that it contains any instances that lead to relative path traversal, such as '..' or beginning a path without the slash ('/') character. Also ensure that there are no "empty" elements in the path, such as in these examples: PATH=:/bi ...

Root Path Must Be Vendor Default Assuming root shell is bash, edit the following files: '~/.profile' '~/.bashrc' Change any 'PATH' variables to the vendor default for root and remove any empty 'PATH' entries or references to relative paths.
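
The checks named in the two root PATH rules above (empty elements, '.', entries that do not begin with '/', and '..' components) can be run over a PATH string as in the following sketch. This is an added example, not part of the original guidance; the function name audit_path is hypothetical.

```shell
#!/bin/sh
# Added example: audit a PATH string for the entries the rule forbids.
# audit_path is a hypothetical helper name, not part of any vendor tooling.

audit_path() {
    # $1: PATH value to audit. Prints one finding per line.
    # Returns 0 when the value is clean, 1 when anything was flagged.
    findings=0
    position=0
    # Terminate the last element with ':' so a trailing empty one is seen.
    rest="${1}:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}      # text before the first ':'
        rest=${rest#*:}        # everything after the first ':'
        position=$((position + 1))
        case $entry in
            '')
                echo "entry $position: empty element (resolves to the current directory)"
                findings=$((findings + 1)) ;;
            .)
                echo "entry $position: '.' (current directory)"
                findings=$((findings + 1)) ;;
            /*)
                # Absolute entry: still reject '..' path components.
                case "$entry/" in
                    */../*)
                        echo "entry $position: '$entry' contains a '..' component"
                        findings=$((findings + 1)) ;;
                esac ;;
            *)
                echo "entry $position: '$entry' does not begin with '/'"
                findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Audit the argument if one is given, otherwise the current shell's PATH.
audit_path "${1-$PATH}" || echo "PATH contains entries that need review"
```

Run it from a root login shell so that the PATH set by '~/.profile' and '~/.bashrc' is the one being audited.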

Ensure SELinux Not Disabled in /etc/grub.conf SELinux can be disabled at boot time by an argument in '/etc/grub.conf'. Remove any instances of 'selinux=0' from the kernel arguments in that file to prevent SELinux from being disabled at boot.

Ensure All Files Are Owned by a Group If any files are not owned by a group, then the cause of their lack of group-ownership should be investigated. Following this, the files should be deleted or assigned to an appropriate group.

Require Client SMB Packet Signing, if using mount.cifs Require packet signing of clients who mount Samba shares using the 'mount.cifs' program (e.g., those who specify shares in '/etc/fstab'). To do so, ensure signing options (either 'sec=krb5i' or 'sec=ntlmv2i') are used. See the 'mount.cifs(8)' man page for more information. A Samba client should only communicate with servers who can support S ...

Install vsftpd Package If this machine must operate as an FTP server, install the 'vsftpd' package via the standard channels. '$ sudo yum install vsftpd'

