[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 30475 Download | Alert*

Direct root Logins Not Allowed To further limit access to the 'root' account, administrators can disable root logins at the console by editing the '/etc/securetty' file. This file lists all devices the root user is allowed to login to. If the file does not exist at all, the root user can login through any communication device on the system, whether via the console or via a raw network interface. ...

Deny Decline Messages Edit '/etc/dhcp/dhcpd.conf' and add or correct the following global option to prevent the DHCP server from responding the DHCPDECLINE messages, if possible: 'deny declines;'

Use Privacy Extensions for Address To introduce randomness into the automatic generation of IPv6 addresses, add or correct the following line in '/etc/sysconfig/network-scripts/ifcfg-interface': 'IPV6_PRIVACY=rfc3041' Automatically-generated IPv6 addresses are based on the underlying hardware (e.g. Ethernet) address, and so it becomes possible to track a piece of hardware over its lifetime using ...

Disable Proxy Support The 'proxy' module provides proxying support, allowing 'httpd' to forward requests and serve as a gateway for other servers. If its functionality is unnecessary, comment out the module: '#LoadModule proxy_module modules/mod_proxy.so'

Configure lockd to use static UDP port Configure the 'lockd' daemon to use a static UDP port as opposed to letting the RPC Bind service dynamically assign a port. Edit the file '/etc/sysconfig/nfs'. Add or correct the following line: 'LOCKD_UDPPORT=lockd-port' Where 'lockd-port' is a port which is not used by any other service on your network.

Do Not Use Dynamic DNS To prevent the DHCP server from receiving DNS information from clients, edit '/etc/dhcp/dhcpd.conf', and add or correct the following global option: 'ddns-update-style none;'

Disable URL Correction on Misspelled Entries The 'speling' module attempts to find a document match by allowing one misspelling in an otherwise failed request. If this functionality is unnecessary, comment out the module: '#LoadModule speling_module modules/mod_speling.so' This functionality weakens server security by making site enumeration easier.

Serve Avahi Only via Required Protocol If you are using only IPv4, edit '/etc/avahi/avahi-daemon.conf' and ensure the following line exists in the '[server]' section: 'use-ipv6=no' Similarly, if you are using only IPv6, disable IPv4 sockets with the line: 'use-ipv4=no'

Disable Interactive Boot To disable the ability for users to perform interactive startups, edit the file '/etc/sysconfig/init'. Add or correct the line: 'PROMPT=no' The 'PROMPT' option allows the console user to perform an interactive system startup, in which it is possible to select the set of services which are started on boot.

Install mod_ssl Install the 'mod_ssl' module: '$ sudo yum install mod_ssl'


Pages:      Start    3023    3024    3025    3026    3027    3028    3029    3030    3031    3032    3033    3034    3035    3036    ..   3047

© SecPod Technologies