[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 24437 Download | Alert*

Set Password Hashing Algorithm in /etc/login.defs In '/etc/login.defs', add or correct the following line to ensure the system will use SHA-512 as the hashing algorithm: 'ENCRYPT_METHOD SHA512'

Set Password Strength Minimum Digit Characters The pam_pwquality module's 'dcredit' parameter controls requirements for usage of digits in a password. When set to a negative number, any password will be required to contain that many digits. When set to a positive number, pam_pwquality will grant +1 additional length credit for each digit. Modify the 'dcredit' setting in '/etc/security/pwquality. ...

Require Client SMB Packet Signing, if using smbclient To require samba clients running 'smbclient' to use packet signing, add the following to the '[global]' section of the Samba configuration file, '/etc/samba/smb.conf': 'client signing = mandatory' Requiring samba clients such as 'smbclient' to use packet signing ensures they can only communicate with servers that support packet signing.

Deny BOOTP Queries Unless your network needs to support older BOOTP clients, disable support for the bootp protocol by adding or correcting the global option: 'deny bootp;'

Ensure auditd Collects System Administrator Actions At a minimum the audit system should collect administrator actions for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-w /etc/sudoers -p wa -k actions' If ...

Configure Periodic Execution of AIDE To implement a daily execution of AIDE at 4:05am using cron, add the following line to '/etc/crontab': '05 4 * * * root /usr/sbin/aide --check' AIDE can be executed periodically through other means; this is merely one example.

Uninstall xinetd Package The 'xinetd' package can be uninstalled with the following command: '$ sudo yum erase xinetd'

Configure LDAP Client to Use TLS For All Transactions Configure LDAP to enforce TLS use. First, edit the file '/etc/pam_ldap.conf', and add or correct the following lines: 'ssl start_tls' Then review the LDAP server and ensure TLS has been configured.

Disable IPv6 Networking Support Automatic Loading To disable support for ('ipv6') add the following line to '/etc/sysctl.d/ipv6.conf' (or another file in '/etc/sysctl.d'): 'net.ipv6.conf.all.disable_ipv6 = 1' This disables IPv6 on all network interfaces as other services and system functionality require the IPv6 stack loaded to work.

Uninstall bind Package To remove the 'bind' package, which contains the 'named' service, run the following command: '$ sudo yum erase bind'

Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   2443

© SecPod Technologies