[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 25354 Download | Alert*

Verify Permissions on /etc/group The /etc/group file contains a list of all the valid groups defined in the system. The command below allows read/write access for root and read access for everyone else.

Set Default umask for Users The default umask determines the permissions of files created by users. The user creating the file has the discretion of making their files and directories readable by others via the chmod command. Users who wish to allow their files and directories to be readable by others by default may choose a different default umask by inserting the umask command into the standard ...

Make the Audit Configuration Immutable "Set system audit so that audit rules cannot be modified with auditctl. Setting the flag ""-e 2"" forces audit to be put in immutable mode. Audit changes can only be made on system reboot."

Install AIDE In some installations, AIDE is not installed automatically.

Set SSH HostbasedAuthentication to No The HostbasedAuthentication parameter specifies if authentication is allowed through trusted hosts via the user of .rhosts, or /etc/hosts.equiv, along with successful public key client host authentication. This option only applies to SSH Protocol Version 2.

Configure Audit Log Storage Size Configure the maximum size of the audit log file. Once the log reaches the maximum size, it will be rotated and a new log file will be started.

Implement Periodic Execution of File Integrity Implement periodic file checking, in compliance with site policy.

Set User/Group Owner and Permission on /etc/cron.d The /etc/cron.d directory contains system cron jobs that need to run in a similar manner to the hourly, daily weekly and monthly jobs from /etc/crontab, but require more granular control as to when they run. The files in this directory cannot be manipulated by the crontab command, but are instead edited by system administrators using a text edito ...

Record Events That Modify Date and Time Information "Capture events where the system date and/or time has been modified. The parameters in this section are set to determine if the adjtimex (tune kernel clock), settimeofday (Set time, using timeval and timezone structures) stime (using seconds since 1/1/1970) or clock_settime (allows for the setting of several internal clocks and timers) system ca ...

Collect File Deletion Events by User "Monitor the use of system calls associated with the deletion or renaming of files and file attributes. This configuration statement sets up monitoring for the unlink (remove a file), unlinkat (remove a file attribute), rename (rename a file) and renameat (rename a file attribute) system calls and tags them with the identifier ""delete""."

Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   2535

© SecPod Technologies