[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 30475 Download | Alert*

Record Attempts to Alter Time Through stime If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d' for both 32 bit and 64 bit systems: '-a always,exit -F arch=b32 -S stime -k audit_time_rules' Since the 64 bit version of the "stime" sys ...

The 'Store passwords using reversible encryption' setting should be configured correctly.

Set Permissions on the /etc/httpd/conf/ Directory Set permissions on the web server configuration directory to 750: '$ sudo chmod 750 /etc/httpd/conf/'

Disable IPv6 Networking Support Automatic Loading To disable support for ('ipv6') add the following line to '/etc/sysctl.d/ipv6.conf' (or another file in '/etc/sysctl.d'): 'net.ipv6.conf.all.disable_ipv6 = 1' This disables IPv6 on all network interfaces as other services and system functionality require the IPv6 stack loaded to work.

Configure LDAP Client to Use TLS For All Transactions Configure LDAP to enforce TLS use. First, edit the file '/etc/pam_ldap.conf', and add or correct the following lines: 'ssl start_tls' Then review the LDAP server and ensure TLS has been configured.

Configure Periodic Execution of AIDE To implement a daily execution of AIDE at 4:05am using cron, add the following line to '/etc/crontab': '05 4 * * * root /usr/sbin/aide --check' AIDE can be executed periodically through other means; this is merely one example.

Deny BOOTP Queries Unless your network needs to support older BOOTP clients, disable support for the bootp protocol by adding or correcting the global option: 'deny bootp;'

System Audit Logs Must Have Mode 0640 or Less Permissive Change the mode of the audit log files with the following command: '$ sudo chmod 0640 audit_file'

Disable CGI Support The 'cgi' module allows HTML to interact with the CGI web programming language. If this functionality is unnecessary, comment out the module: '#LoadModule cgi_module modules/mod_cgi.so'

Ensure rsync service is not enabled The rsyncd service can be used to synchronize files between systems over network links.


Pages:      Start    3026    3027    3028    3029    3030    3031    3032    3033    3034    3035    3036    3037    3038    3039    ..   3047

© SecPod Technologies