Disable MIME Magic The 'mime_magic' module provides a second layer of MIME support that in most configurations is likely extraneous. If its functionality is unnecessary, comment out the related module: '#LoadModule mime_magic_module modules/mod_mime_magic.so'

Restrict Virtual Console Root Logins To restrict root logins through the (deprecated) virtual console devices, ensure lines of this form do not appear in '/etc/securetty': vc/1 vc/2 vc/3 vc/4

Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests To set the runtime status of the 'net.ipv4.icmp_echo_ignore_broadcasts' kernel parameter, run the following command:

Disable DCCP Support The Datagram Congestion Control Protocol (DCCP) is a relatively new transport layer protocol, designed to support streaming media and telephony. To configure the system to prevent the 'dccp' kernel module from being loaded, add the following line to a file in the directory '/etc/modprobe.d':

Ensure Logs Sent To Remote Host To configure rsyslog to send logs to a remote log server, open '/etc/rsyslog.conf' and read and understand the last section of the file, which describes the multiple directives necessary to activate remote logging. Along with these other directives, the system can be configured to forward its logs to a particular log server by adding or correcting one of the follow ...

Record Events that Modify the System's Discretionary Access Controls - chmod At a minimum the audit system should collect file permission changes for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a always ...

Record Attempts to Alter Process and Session Initiation Information The audit system already collects process information for all users and root. To watch for attempted manual edits of files involved in storing such process information, add the following to '/etc/audit/audit.rules':
-w /var/run/utmp -p wa -k session
-w /var/log/btmp -p wa -k session
-w /var/log/wtmp -p wa -k session

Disable ypbind Service The 'ypbind' service, which allows the system to act as a client in a NIS or NIS+ domain, should be disabled. The 'ypbind' service can be disabled with the following command: '$ sudo systemctl disable ypbind'

Uninstall openldap-servers Package The 'openldap-servers' package should be removed if not in use. Is this machine the OpenLDAP server? If not, remove the package. '$ sudo yum erase openldap-servers' The openldap-servers RPM is not installed by default on RHEL 7 machines. It is needed only by the OpenLDAP server, not by the clients which use LDAP for authentication. If the system is not intended ...

Restrict NFS Clients to Privileged Ports By default, the server NFS implementation requires that all client requests be made from ports less than 1024. If your organization has control over machines connected to its network, and if NFS requests are prohibited at the border firewall, this offers some protection against malicious requests from unprivileged users. Therefore, the default should not b ...

