[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195549

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 30475 Download | Alert*

Verify /boot/grub2/grub.cfg Group Ownership The file '/boot/grub2/grub.cfg' should be group-owned by the 'root' group to prevent destruction or modification of the file. To properly set the group owner of '/boot/grub2/grub.cfg', run the command:

Manually Assign Global IPv6 Address To manually assign an IP address for an interface, edit the file '/etc/sysconfig/network-scripts/ifcfg-interface'. Add or correct the following line (substituting the correct IPv6 address): 'IPV6ADDR=2001:0DB8::ABCD/64' Manually assigning an IP address is preferable to accepting one from routers or from the network otherwise. The example address here is an IPv6 ...

Configure lockd to use static TCP port Configure the 'lockd' daemon to use a static TCP port as opposed to letting the RPC Bind service dynamically assign a port. Edit the file '/etc/sysconfig/nfs'. Add or correct the following line: 'LOCKD_TCPPORT=lockd-port' Where 'lockd-port' is a port which is not used by any other service on your network.

Ensure No Daemons are Unconfined by SELinux Daemons for which the SELinux policy does not contain rules will inherit the context of the parent process. Because daemons are launched during startup and descend from the 'init' process, they inherit the 'initrc_t' context. To check for unconfined daemons, run the following command: '$ sudo ps -eZ | egrep "initrc" | egrep -vw "tr|ps|egrep|bash\ ...

Set Permissions on All Configuration Files Inside /etc/httpd/conf/ Set permissions on the web server configuration files to 640: '$ sudo chmod 640 /etc/httpd/conf/*'

Disable MIME Magic The 'mime_magic' module provides a second layer of MIME support that in most configurations is likely extraneous. If its functionality is unnecessary, comment out the related module: '#LoadModule mime_magic_module modules/mod_mime_magic.so'

Disable Printer Browsing Entirely if Possible By default, CUPS listens on the network for printer list broadcasts on UDP port 631. This functionality is called printer browsing. To disable printer browsing entirely, edit the CUPS configuration file, located at '/etc/cups/cupsd.conf', to include the following: 'Browsing Off'

Manually Assign IPv6 Router Address Edit the file '/etc/sysconfig/network-scripts/ifcfg-interface', and add or correct the following line (substituting your gateway IP as appropriate): 'IPV6_DEFAULTGW=2001:0DB8::0001' Router addresses should be manually set and not accepted via any auto-configuration or router advertisement.

Restrict Information Published by Avahi If it is necessary to publish some information to the network, it should not be joined by any extraneous information, or by information supplied by a non-trusted source on the system. Prevent user applications from using Avahi to publish services by adding or correcting the following line in the '[publish]' section: 'disable-user-service-publishing=yes' Imp ...

Set httpd ServerTokens Directive to Prod 'ServerTokens Prod' restricts information in page headers, returning only the word "Apache." Add or correct the following directive in '/etc/httpd/conf/httpd.conf': 'ServerTokens Prod'


Pages:      Start    3020    3021    3022    3023    3024    3025    3026    3027    3028    3029    3030    3031    3032    3033    ..   3047

© SecPod Technologies