
Do Not Allow SSH Environment Options
To ensure users are not able to present environment options to the SSH daemon, add or correct the following line in '/etc/ssh/sshd_config': 'PermitUserEnvironment no'

Uninstall telnet-server Package
The 'telnet-server' package can be uninstalled with the following command: '$ sudo yum erase telnet-server'

Ensure auditd Collects File Deletion Events by User
At a minimum the audit system should collect file deletion events for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d', setting ARCH to either b32 or b64 as a ...

Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server
The 'rsyslog' daemon should not accept remote messages unless the system acts as a log server. To ensure that it is not listening on the network, ensure the following lines are

Enable auditd Service
The 'auditd' service is an essential userspace component of the Linux Auditing System, as it is responsible for writing audit records to disk. The 'auditd' service can be enabled with the following command: '$ sudo systemctl enable auditd'

Configure auditd mail_acct Action on Low Disk Space
The 'auditd' service can be configured to send email to a designated account in certain situations. Add or correct the following line in '/etc/audit/auditd.conf' to ensure that administrators are notified via email for those situations: 'action_mail_acct = root'

Disable Certmonger Service (certmonger)
Certmonger is a D-Bus based service that attempts to simplify interaction with certifying authorities on networks which use public-key infrastructure. It is often combined with Red Hat's IPA (Identity Policy Audit) security information management solution to aid in the management of certificates. The 'certmonger' service can be disabled with the follow ...

Disable ntpdate Service (ntpdate)
The 'ntpdate' service sets the local hardware clock by polling NTP servers when the system boots. It synchronizes to the NTP servers listed in '/etc/ntp/step-tickers' or '/etc/ntp.conf' and then sets the local hardware clock to the newly synchronized system time. The 'ntpdate' service can be disabled with the following command: '$ sudo systemctl disable ...

Configure Logging
Ensure that the following line exists in '/etc/rsyslog.conf': 'daemon.* /var/log/daemon.log' Configure logwatch or other log monitoring tools to summarize error conditions reported by the dhcpd process.

Disable FTP Uploads if Possible
Is there a mission-critical reason for users to upload files via FTP? If not, edit the vsftpd configuration file to add or correct the following configuration options: 'write_enable=NO' If FTP uploads are necessary, follow the guidance in the remainder of this section to secure these transactions as much as possible.


© SecPod Technologies