Ensure talk server is not enabled
The talk software makes it possible for users to send and receive messages across systems through a terminal session. The talk client (allows initiate of talk sessions) is installed by default.
Ensure print server is not enabled
The Common Unix Print System (CUPS) provides the ability to print to both local and network printers. A system running CUPS can also accept print jobs from remote systems and print them to local printers. It also provides a web based remote administration capability.
Limit Access via SSH
There are several options available to limit which users and group can access the system via SSH. It is recommended that at least one of the following options be leveraged:
The AllowUsers variable gives the system administrator the option of allowing specific users to ssh into the system. The list consists of comma separated user names. Numeric userIDs are not reco ...
Collect Login and Logout Events
Monitor login and logout events. The parameters below track changes to files associated with login/logout events. The file /var/log/faillog tracks failed events from login. The file /var/log/lastlog maintain records of the last time a user successfully logged in. The file /var/log/tallylog maintains records of failures via the pam_tally2 module
Record Events That Modify User/Group Information
"Record events affecting the group, passwd (user IDs), shadow and gshadow (passwords) or
/etc/security/opasswd (old passwords, based on remember parameter in the PAM configuration) files. The parameters in this section will watch the files to see if they have been opened for write or have had attribute changes (e.g. permissions) and tag them with t ...
Configure Network Time Protocol (NTP)
The Network Time Protocol (NTP) is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on NTP can be found at http://www.ntp.org. NTP can be configured to be a client and/or a server.
Verify User/Group Ownership on /etc/group
The /etc/group file contains a list of all the valid groups defined in the system. The command below allows read/write access for root and read access for everyone else.