[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 24437 Download | Alert*

Disable rexec Service The 'rexec' service, which is available with the 'rsh-server' package and runs as a service through xinetd, should be disabled. The 'rexec' service can be disabled with the following command: '$ sudo systemctl disable rexec'

Uninstall talk-server Package The 'talk-server' package can be removed with the following command: '$ sudo yum erase talk-server'

Disable Accepting IPv6 Redirects This setting prevents the system from accepting ICMP redirects. ICMP redirects tell the system about alternate routes for sending traffic.

Disable HTTP Digest Authentication The 'auth_digest' module provides encrypted authentication sessions. If this functionality is unnecessary, comment out the related module: '#LoadModule auth_digest_module modules/mod_auth_digest.so'

Set httpd ServerSignature Directive to Off 'ServerSignature Off' restricts 'httpd' from displaying server version number on error pages. Add or correct the following directive in '/etc/httpd/conf/httpd.conf': 'ServerSignature Off'

Install AIDE Install the AIDE package with the command: '$ sudo yum install aide'

Configure Logwatch HostLimit Line On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The 'HostLimit' setting tells Logwatch to report on all hosts, not just the one on which it is running. ' HostLimit = no '

Disable Cache Support The 'cache' module allows 'httpd' to cache data, optimizing access to frequently accessed content. However, it introduces potential security flaws such as the possibility of circumventing 'Allow' and 'Deny' directives. If this functionality is unnecessary, comment out the module: '#LoadModule cache_module modules/mod_cache.so' If caching is required, it should not be enable ...

Restrict NFS Clients to Privileged Ports By default, the server NFS implementation requires that all client requests be made from ports less than 1024. If your organization has control over machines connected to its network, and if NFS requests are prohibited at the border firewall, this offers some protection against malicious requests from unprivileged users. Therefore, the default should not b ...

Set Password Hashing Algorithm in /etc/libuser.conf In '/etc/libuser.conf', add or correct the following line in its '[defaults]' section to ensure the system will use the SHA-512 algorithm for password hashing: 'crypt_style = sha512'

Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   2443

© SecPod Technologies