Disable IPv6 Router Advertisements This setting disables the system's ability to accept router advertisements.

Disable Mounting of freevxfs Filesystems The freevxfs filesystem type is a free version of the Veritas type filesystem. This is the primary filesystem type for HP-UX operating systems.

Ensure xinetd is not enabled The eXtended InterNET Daemon (xinetd) is an open source super daemon that replaced the original inetd daemon. The xinetd daemon listens for well-known services and dispatches the appropriate daemon to properly respond to service requests. Note: Several other services recommended to be disabled in this benchmark have xinetd versions as well, if xinetd is required in yo ...

Ensure time is not enabled time is a network service that responds with the server's current date and time as a 32-bit integer. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

Restrict at/cron to Authorized Users Configure /etc/cron.allow and /etc/at.allow to allow specific users to use these services. If /etc/cron.allow or /etc/at.allow do not exist, then /etc/at.deny and /etc/cron.deny are checked. Any user not specifically defined in those files is allowed to use at and cron. By removing the files, only users in /etc/cron.allow and /etc/at.allow are allowed to use a ...

Ensure IMAP and POP server is not enabled Dovecot is an open source IMAP and POP3 server for Linux-based systems.

Install the rsyslog package The rsyslog package is a third-party package that provides many enhancements to syslog, such as multi-threading, TCP communication, message filtering and database support.

Disable Mounting of cramfs Filesystems The cramfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems. A cramfs image can be used without having to first decompress the image.

Enable Bad Error Message Protection Setting icmp_ignore_bogus_error_responses to 1 prevents the kernel from logging bogus responses (RFC-1122 non-compliant) from broadcast reframes, keeping file systems from filling up with useless log messages.

Enable TCP SYN Cookies When tcp_syncookies is set, the kernel will handle TCP SYN packets normally until the half-open connection queue is full, at which time, the SYN cookie functionality kicks in. SYN cookies work by not using the SYN queue at all. Instead, the kernel simply replies to the SYN with a SYN|ACK, but will include a specially crafted TCP sequence number that encodes the source and ...

