[Forgot Password]
Login  Register Subscribe

24437

 
 

131815

 
 

116370

 
 

909

 
 

90976

 
 

142

 
 
Paid content will be excluded from the download.

Filter
Matches : 24437 Download | Alert*

Ensure SELinux State is Enforcing The SELinux state should be set to 'enforcing' at system boot time. In the file '/etc/selinux/config', add or correct the following line to configure the system to boot into enforcing mode: 'SELINUX=enforcing'

Verify Group Who Owns gshadow File To properly set the group owner of '/etc/gshadow', run the command:

Disable Host-Based Authentication SSH's cryptographic host-based authentication is more secure than '.rhosts' authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization. To disable host-based authentication, add or correct the following line in '/etc/ssh/sshd_config': 'HostbasedAuthentication no'

Verify Permissions on passwd File To properly set the permissions of '/etc/passwd', run the command:

Verify User Who Owns group File To properly set the owner of '/etc/group', run the command:

Ensure gpgcheck Enabled In Main Yum Configuration The 'gpgcheck' option controls whether RPM packages' signatures are always checked prior to installation. To configure yum to check package signatures before installing them, ensure the following line appears in '/etc/yum.conf' in the '[main]' section: 'gpgcheck=1'

Set Password Minimum Age To specify password minimum age for new accounts, edit the file '/etc/login.defs' and add or correct the following line, replacing

Verify Group Who Owns group File To properly set the group owner of '/etc/group', run the command:

Use Only Approved Ciphers Limit the ciphers to those algorithms which are FIPS-approved. Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode. The following line in '/etc/ssh/sshd_config' demonstrates use of FIPS-approved ciphers: 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc' The man page 'sshd_config(5)' contains a list of supported ci ...

Set SSH Client Alive Count To ensure the SSH idle timeout occurs precisely when the 'ClientAliveCountMax' is set, edit '/etc/ssh/sshd_config' as follows: 'ClientAliveCountMax 0'


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   2443

© SecPod Technologies