[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 25354 Download | Alert*

Restrict Access to the su Command The su command allows a user to run a command or shell as another user. The program has been superseded by sudo, which allows for more granular control over privileged access. Normally, the su command can be executed by any user. By uncommenting the pam_wheel.so statement in /etc/pam.d/su, the su command will only allow users in the wheel group to execute su.

Enable Auditing for Processes That Start Prior to auditd Configure grub or lilo so that processes that are capable of being audited can be audited even if they start up prior to auditd startup.

Disable Prelink The prelinking feature changes binaries in an attempt to decrease their startup time.

Accept Remote rsyslog Messages Only on Designated Log Hosts By default, rsyslog does not listen for log messages coming in from remote systems. The ModLoad tells rsyslog to load the imtcp.so module so it can listen over a network via TCP. The InputTCPServerRun option instructs rsyslogd to listen on the specified TCP port.

Install TCP Wrappers TCP Wrappers provides a simple access list and standardized logging method for services capable of supporting it. In the past, services that were called from inetd and xinetd supported the use of tcp wrappers. As inetd and xinetd have been falling in disuse, any service that can support tcp wrappers will have the libwrap.so library attached to it.

Disable Mounting of jffs2 Filesystems The jffs2 (journaling flash filesystem 2) filesystem type is a log-structured filesystem used in flash memory devices.

Log Suspicious Packets When enabled, this feature logs packets with un-routable source addresses to the kernel log.

Verify Permissions on /etc/hosts.deny The /etc/hosts.deny file contains network information that is used by many system applications and therefore must be readable for these applications to operate.

Set User/Group Owner and Permission on /etc/cron.hourly This directory contains system cron jobs that need to run on an hourly basis. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text editor. The commands below restrict read/write and search access to user and group root, preventing regular users from accessing t ...

Disable SSH X11 Forwarding The X11Forwarding parameter provides the ability to tunnel X11 traffic through the connection to enable remote graphic connections.

Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   2535

© SecPod Technologies