Restrict Access to the su Command
The su command allows a user to run a command or shell as another user. The program has been superseded by sudo, which allows for more granular control over privileged access. Normally, the su command can be executed by any user. Uncommenting the pam_wheel.so statement in /etc/pam.d/su restricts su so that only users in the wheel group can execute it.
Enable Auditing for Processes That Start Prior to auditd
Configure grub or lilo so that processes that are capable of being audited can be audited even if they start before auditd does.
Accept Remote rsyslog Messages Only on Designated Log Hosts
By default, rsyslog does not listen for log messages coming in from remote systems. The ModLoad directive tells rsyslog to load the imtcp.so module so it can listen over a network via TCP. The InputTCPServerRun option instructs rsyslogd to listen on the specified TCP port.
Install TCP Wrappers
TCP Wrappers provides a simple access list and standardized logging method for services capable of supporting it. In the past, services that were called from inetd and xinetd supported the use of TCP Wrappers. As inetd and xinetd have been falling into disuse, any service that can support TCP Wrappers will have the libwrap.so library attached to it.
Disable Mounting of jffs2 Filesystems
The jffs2 (journaling flash filesystem 2) filesystem type is a log-structured filesystem used in flash memory devices.
Verify Permissions on /etc/hosts.deny
The /etc/hosts.deny file contains network information that is used by many system applications and therefore must be readable for these applications to operate.
Set User/Group Owner and Permission on /etc/cron.hourly
This directory contains system cron jobs that need to run on an hourly basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The commands below restrict read/write and search access to user and group root, preventing regular users from accessing t ...
Disable SSH X11 Forwarding
The X11Forwarding parameter provides the ability to tunnel X11 traffic through the connection to enable remote graphic connections.