Set LogLevel to INFO. The INFO parameter specifies that login and logout activity will be logged.

Set Permissions on /etc/ssh/sshd_config. The /etc/ssh/sshd_config file contains configuration specifications for sshd. The command below sets the owner and group of the file to root.

Disable SSH X11 Forwarding. The X11Forwarding parameter provides the ability to tunnel X11 traffic through the connection to enable remote graphic connections.

Set SSH MaxAuthTries to 4 or Less. The MaxAuthTries parameter specifies the maximum number of authentication attempts permitted per connection. When the login failure count reaches half that number, error messages detailing the login failure will be written to the syslog file.

Disable SSH Root Login. The PermitRootLogin parameter specifies if the root user can log in using ssh(1). The default is no.

Do Not Allow Users to Set Environment Options. The PermitUserEnvironment option allows users to present environment options to the ssh daemon.

Limit Access via SSH. There are several options available to limit which users and groups can access the system via SSH. It is recommended that at least one of the following options be leveraged: AllowUsers. The AllowUsers variable gives the system administrator the option of allowing specific users to ssh into the system. The list consists of comma-separated user names. Numeric userIDs are not reco ...

Restrict Access to the su Command. The su command allows a user to run a command or shell as another user. The program has been superseded by sudo, which allows for more granular control over privileged access. Normally, the su command can be executed by any user. By uncommenting the pam_wheel.so statement in /etc/pam.d/su, the su command will only allow users in the wheel group to execute su.

Set Password Expiration Days. The PASS_MAX_DAYS parameter in /etc/login.defs allows an administrator to force passwords to expire once they reach a defined age. It is recommended that the PASS_MAX_DAYS parameter be set to less than or equal to 90 days.

Set Password Change Minimum Number of Days. The PASS_MIN_DAYS parameter in /etc/login.defs allows an administrator to prevent users from changing their password until a minimum number of days have passed since the last time the user changed their password. It is recommended that the PASS_MIN_DAYS parameter be set to 7 or more days.
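The sshd_config and login.defs items above can be audited with a short POSIX shell script. This is an added example, not part of the original checklist; the sample config files it checks are constructed inline, and the file names under the temporary directory are arbitrary.

```shell
#!/bin/sh
# Added audit helper: checks an sshd_config and a login.defs file against the
# recommendations above. Sample files are constructed below, not taken from a host.

# First active (uncommented) directive wins, matching sshd's own precedence;
# keywords and values are compared case-insensitively.
sshd_value() { awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"; }
defs_value() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }
int_ok() { [ -n "$1" ] && [ "$1" -eq "$1" ] 2>/dev/null; }   # non-empty integer

# Absent directives are reported as failures even where sshd's built-in default
# is already safe, so that the hardened state is explicit in the file.
check_sshd_config() {
    f=$1; rc=0
    [ "$(sshd_value "$f" LogLevel)" = info ]            || { echo "$f: LogLevel not INFO"; rc=1; }
    [ "$(sshd_value "$f" X11Forwarding)" = no ]         || { echo "$f: X11Forwarding not no"; rc=1; }
    n=$(sshd_value "$f" MaxAuthTries)
    { int_ok "$n" && [ "$n" -le 4 ]; }                  || { echo "$f: MaxAuthTries not 4 or less"; rc=1; }
    [ "$(sshd_value "$f" PermitRootLogin)" = no ]       || { echo "$f: PermitRootLogin not no"; rc=1; }
    [ "$(sshd_value "$f" PermitUserEnvironment)" = no ] || { echo "$f: PermitUserEnvironment not no"; rc=1; }
    awk 'tolower($1) ~ /^(allow|deny)(users|groups)$/ { ok=1 } END { exit !ok }' "$f" \
        || { echo "$f: no AllowUsers/AllowGroups/DenyUsers/DenyGroups directive"; rc=1; }
    return $rc
}

check_login_defs() {
    f=$1; rc=0
    mx=$(defs_value "$f" PASS_MAX_DAYS); mn=$(defs_value "$f" PASS_MIN_DAYS)
    { int_ok "$mx" && [ "$mx" -le 90 ]; } || { echo "$f: PASS_MAX_DAYS not 90 or less"; rc=1; }
    { int_ok "$mn" && [ "$mn" -ge 7 ]; }  || { echo "$f: PASS_MIN_DAYS not 7 or more"; rc=1; }
    return $rc
}

# Constructed samples: one file that misses every item, one that meets them all.
TMP=$(mktemp -d)
printf '%s\n' '#LogLevel INFO' 'X11Forwarding yes' 'MaxAuthTries 6' 'PermitRootLogin yes' > "$TMP/sshd.weak"
printf '%s\n' 'LogLevel INFO' 'X11Forwarding no' 'MaxAuthTries 4' 'PermitRootLogin no' \
              'PermitUserEnvironment no' 'AllowGroups sshusers' > "$TMP/sshd.ok"
printf '%s\n' 'PASS_MAX_DAYS 99999' 'PASS_MIN_DAYS 0' > "$TMP/defs.weak"
printf '%s\n' '# comment line' 'PASS_MAX_DAYS 90' 'PASS_MIN_DAYS 7' > "$TMP/defs.ok"

for f in "$TMP/sshd.weak" "$TMP/sshd.ok"; do
    if check_sshd_config "$f"; then echo "$f: PASS"; fi
done
for f in "$TMP/defs.weak" "$TMP/defs.ok"; do
    if check_login_defs "$f"; then echo "$f: PASS"; fi
done
```

Point the two check functions at /etc/ssh/sshd_config and /etc/login.defs to audit a real host; each failing item is printed on its own line and the function returns 1.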

