[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 30476 Download | Alert*

Collect Login and Logout Events Monitor login and logout events. The parameters below track changes to files associated with login/logout events. The file /var/log/faillog tracks failed events from login. The file /var/log/lastlog maintain records of the last time a user successfully logged in. The file /var/log/tallylog maintains records of failures via the pam_tally2 module

Collect System Administrator Actions (sudolog) Monitor the sudo log file. If the system has been properly configured to disable the use of the su command and force all administrators to have to log in first and then use sudo to execute privileged commands, then all administrator commands will be logged to /var/log/sudo.log. Any time a command is executed, an audit event will be triggered as the / ...

Ensure telnet server is not enabled The telnet-server package contains the telnet daemon, which accepts connections from users from other systems via the telnet protocol.

Disable Support for RPC IPv6 RPC services for NFSv4 try to load transport modules for 'udp6' and 'tcp6' by default, even if IPv6 has been disabled in '/etc/modprobe.d'. To prevent RPC services such as 'rpc.mountd' from attempting to start IPv6 network listeners, remove or comment out the following two lines in '/etc/netconfig': udp6 tpi_clts v inet6 udp - - tcp6 ...

Manually Assign Global IPv6 Address To manually assign an IP address for an interface, edit the file '/etc/sysconfig/network-scripts/ifcfg-interface'. Add or correct the following line (substituting the correct IPv6 address): 'IPV6ADDR=2001:0DB8::ABCD/64' Manually assigning an IP address is preferable to accepting one from routers or from the network otherwise. The example address here is an IPv6 ...

Use Privacy Extensions for Address To introduce randomness into the automatic generation of IPv6 addresses, add or correct the following line in '/etc/sysconfig/network-scripts/ifcfg-interface': 'IPV6_PRIVACY=rfc3041' Automatically-generated IPv6 addresses are based on the underlying hardware (e.g. Ethernet) address, and so it becomes possible to track a piece of hardware over its lifetime using ...

Manually Assign IPv6 Router Address Edit the file '/etc/sysconfig/network-scripts/ifcfg-interface', and add or correct the following line (substituting your gateway IP as appropriate): 'IPV6_DEFAULTGW=2001:0DB8::0001' Router addresses should be manually set and not accepted via any auto-configuration or router advertisement.

Verify iptables Enabled The 'iptables' service can be enabled with the following command: '$ sudo systemctl enable iptables'

Enable rsyslog Service The 'rsyslog' service provides syslog-style logging by default on RHEL 7. The 'rsyslog' service can be enabled with the following command: '$ sudo systemctl enable rsyslog'

Configure Logwatch HostLimit Line On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The 'HostLimit' setting tells Logwatch to report on all hosts, not just the one on which it is running. ' HostLimit = no '


Pages:      Start    3006    3007    3008    3009    3010    3011    3012    3013    3014    3015    3016    3017    3018    3019    ..   3047

© SecPod Technologies