[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 30475 Download | Alert*

Disable Cache Support The 'cache' module allows 'httpd' to cache data, optimizing access to frequently accessed content. However, it introduces potential security flaws such as the possibility of circumventing 'Allow' and 'Deny' directives. If this functionality is unnecessary, comment out the module: '#LoadModule cache_module modules/mod_cache.so' If caching is required, it should not be enable ...

Configure Logwatch HostLimit Line On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The 'HostLimit' setting tells Logwatch to report on all hosts, not just the one on which it is running. ' HostLimit = no '

Set httpd ServerSignature Directive to Off 'ServerSignature Off' restricts 'httpd' from displaying server version number on error pages. Add or correct the following directive in '/etc/httpd/conf/httpd.conf': 'ServerSignature Off'

Disable HTTP Digest Authentication The 'auth_digest' module provides encrypted authentication sessions. If this functionality is unnecessary, comment out the related module: '#LoadModule auth_digest_module modules/mod_auth_digest.so'

Disable rexec Service The 'rexec' service, which is available with the 'rsh-server' package and runs as a service through xinetd, should be disabled. The 'rexec' service can be disabled with the following command: '$ sudo systemctl disable rexec'

Auditing of 'Account Logon: Kerberos Authentication Service' events on success should be enabled or disabled as appropriate.

To set the runtime status of the 'net.ipv4.conf.all.accept_source_route' kernel parameter, run the following command:

Ensure auditd Collects Information on the Use of Privileged Commands At a minimum the audit system should collect the execution of privileged commands for all users and root. To find the relevant setuid / setgid programs, run the following command for each local partition

Ensure gpgcheck Enabled In Main Yum Configuration The 'gpgcheck' option controls whether RPM packages' signatures are always checked prior to installation. To configure yum to check package signatures before installing them, ensure the following line appears in '/etc/yum.conf' in the '[main]' section: 'gpgcheck=1'

Disable Print Server Capabilities To prevent remote users from potentially connecting to and using locally configured printers, disable the CUPS print server sharing capabilities. To do so, limit how the server will listen for print jobs by removing the more generic port directive from /etc/cups/cupsd.conf: 'Port 631' and replacing it with the 'Listen' directive: 'Listen localhost:631' This will ...


Pages:      Start    3025    3026    3027    3028    3029    3030    3031    3032    3033    3034    3035    3036    3037    3038    ..   3047

© SecPod Technologies