[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 25354 Download | Alert*

Collect Unsuccessful Unauthorized Access Attempts to Files "Monitor for unsuccessful attempts to access files. The parameters below are associated with system calls that control creation (creat), opening (open, openat) and truncation (truncate, ftruncate) of files. An audit log record will only be written if the user is a non- privileged user (auid > = 500), is not a Daemon event (auid=4294967295 ...

Ensure NIS is not installed The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server directory service protocol used to distribute system configuration files.

Set SSH PermitEmptyPasswords to No The PermitEmptyPasswords parameter specifies if the server allows login to accounts with empty password strings.

Set SSH Banner The Banner parameter specifies a file whose contents must be sent to the remote user before authentication is permitted. By default, no banner is displayed.

Ensure daytime is not enabled daytime is a network service that responds with the server's current date and time. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

Disable Prelinking The prelinking feature changes binaries in an attempt to decrease their startup time. In order to disable it, change or add the following line inside the file '/etc/sysconfig/prelink': 'PRELINKING=no' Next, run the following command to return binaries to a normal, non-prelinked state: '$ sudo /usr/sbin/prelink -ua'

Disable Server Side Includes Server Side Includes provide a method of dynamically generating web pages through the insertion of server-side code. However, the technology is also deprecated and introduces significant security concerns. If this functionality is unnecessary, comment out the related module: '#LoadModule include_module modules/mod_include.so' If there is a critical need for Server Sid ...

Disable Server Activity Status The 'status' module provides real-time access to statistics on the internal operation of the web server. This may constitute an unnecessary information leak and should be disabled unless necessary. To do so, comment out the related module: '#LoadModule status_module modules/mod_status.so' If there is a critical need for this module, ensure that access to the status ...

Verify that Shared Library Files Have Root Ownership System-wide shared library files, which are linked to executables during process load time or run time, are stored in the following directories by default: /lib /lib64 /usr/lib /usr/lib64 Kernel modules, which can be added to the kernel during runtime, are also stored in '/lib/modules'. All files in these directories should be owned by the 'ro ...

Verify Permissions on passwd File To properly set the permissions of '/etc/passwd', run the command:

Pages:      Start    3    4    5    6    7    8    9    10    11    12    13    14    15    16    ..   2535

© SecPod Technologies