[Forgot Password]
Login  Register Subscribe

24436

 
 

131815

 
 

115228

 
 

909

 
 

90122

 
 

140

 
 
Paid content will be excluded from the download.

Filter
Matches : 24436 Download | Alert*

Disable Postfix Network Listening Edit the file '/etc/postfix/main.cf' to ensure that only the following 'inet_interfaces' line appears: 'inet_interfaces = localhost'

Configure SMTP Greeting Banner Edit '/etc/postfix/main.cf', and add or correct the following line, substituting some other wording for the banner information if you prefer: 'smtpd_banner = $myhostname ESMTP'

Configure LDAP Client to Use TLS For All Transactions Configure LDAP to enforce TLS use. First, edit the file '/etc/pam_ldap.conf', and add or correct the following lines: 'ssl start_tls' Then review the LDAP server and ensure TLS has been configured.

Configure Certificate Directives for LDAP Use of TLS Ensure a copy of a trusted CA certificate has been placed in the file '/etc/pki/tls/CA/cacert.pem'. Configure LDAP to enforce TLS use and to trust certificates signed by that CA. First, edit the file '/etc/pam_ldap.conf', and add or correct either of the following lines: 'tls_cacertdir /etc/pki/tls/CA' or 'tls_cacertfile /etc/pki/tls/CA/cacer ...

Uninstall openldap-servers Package The 'openldap-servers' package should be removed if not in use. Is this machine the OpenLDAP server? If not, remove the package. '$ sudo yum erase openldap-servers' The openldap-servers RPM is not installed by default on RHEL 7 machines. It is needed only by the OpenLDAP server, not by the clients which use LDAP for authentication. If the system is not intended ...

Disable Network File System Lock Service (nfslock) The Network File System Lock (nfslock) service starts the required remote procedure call (RPC) processes which allow clients to lock files on the server. If the local machine is not configured to mount NFS filesystems then this service should be disabled. The 'nfslock' service can be disabled with the following command: '$ sudo systemctl ...

Disable Secure RPC Client Service (rpcgssd) The rpcgssd service manages RPCSEC GSS contexts required to secure protocols that use RPC (most often Kerberos and NFS). The rpcgssd service is the client-side of RPCSEC GSS. If the system does not require secure RPC then this service should be disabled. The 'rpcgssd' service can be disabled with the following command: '$ sudo systemctl disable ...

Disable RPC ID Mapping Service (rpcidmapd) The rpcidmapd service is used to map user names and groups to UID and GID numbers on NFSv4 mounts. If NFS is not in use on the local system then this service should be disabled. The 'rpcidmapd' service can be disabled with the following command: '$ sudo systemctl disable rpcidmapd'

Disable Network File Systems (netfs) The netfs script manages the boot-time mounting of several types of networked filesystems, of which NFS and Samba are the most common. If these filesystem types are not in use, the script can be disabled, protecting the system somewhat against accidental or malicious changes to '/etc/fstab' and against flaws in the netfs script itself. The 'netfs' service ...

Configure lockd to use static TCP port Configure the 'lockd' daemon to use a static TCP port as opposed to letting the RPC Bind service dynamically assign a port. Edit the file '/etc/sysconfig/nfs'. Add or correct the following line: 'LOCKD_TCPPORT=lockd-port' Where 'lockd-port' is a port which is not used by any other service on your network.


Pages:      Start    3    4    5    6    7    8    9    10    11    12    13    14    15    16    ..   2443

© SecPod Technologies