[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 24436 Download | Alert*

Disable RDS Support The Reliable Datagram Sockets (RDS) protocol is a transport layer protocol designed to provide reliable high- bandwidth, low-latency communications between nodes in a cluster. To configure the system to prevent the 'rds' kernel module from being loaded, add the following line to a file in the directory '/etc/modprobe.d':

Verify User Who Owns group File To properly set the owner of '/etc/group', run the command:

Ensure Logs Sent To Remote Host To configure rsyslog to send logs to a remote log server, open '/etc/rsyslog.conf' and read and understand the last section of the file, which describes the multiple directives necessary to activate remote logging. Along with these other directives, the system can be configured to forward its logs to a particular log server by adding or correcting one of the follow ...

Disable Interface Usage of IPv6 To disable interface usage of IPv6, add or correct the following lines in '/etc/sysconfig/network': NETWORKING_IPV6=no IPV6INIT=no

Disable Core Dumps for All Users To disable core dumps for all users, add the following line to '/etc/security/limits.conf': '* hard core 0'

Disable CGI Support The 'cgi' module allows HTML to interact with the CGI web programming language. If this functionality is unnecessary, comment out the module: '#LoadModule cgi_module modules/mod_cgi.so'

System Audit Logs Must Have Mode 0640 or Less Permissive Change the mode of the audit log files with the following command: '$ sudo chmod 0640 audit_file'

Record Events that Modify the System's Discretionary Access Controls - chown At a minimum the audit system should collect file permission changes for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a always ...

Restrict Virtual Console Root Logins To restrict root logins through the (deprecated) virtual console devices, ensure lines of this form do not appear in '/etc/securetty': vc/1 vc/2 vc/3 vc/4

Set Password Hashing Algorithm in /etc/login.defs In '/etc/login.defs', add or correct the following line to ensure the system will use SHA-512 as the hashing algorithm: 'ENCRYPT_METHOD SHA512'

Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   2443

© SecPod Technologies