Record Events That Modify the System's Network Environment
Record changes to network environment files or system calls. The below parameters monitor the sethostname (set the systems host name) or setdomainname (set the systems domainname) system calls, and write an audit event on system call exit. The other parameters monitor the /etc/issue and /etc/issue.net files (messages displayed pre- login) ...
Ensure talk client is not installed
The talk software makes it possible for users to send and receive messages across systems through a terminal session.
Ensure the X Window system is not installed
The X Window system provides a Graphical User Interface (GUI) where users can have multiple windows in which to run programs and various add on. The X Window system is typically used on desktops where users login, but not on servers where users typically do not login.
Set User/Group Owner and Permission on /etc/crontab
The /etc/crontab file is used by cron to control its own jobs. The commands in this item make sure that root is the user and group owner of the file and that only the owner can access the file.
Verify User/Group Ownership on /etc/passwd
The /etc/passwd file contains a list of all the valid userIDs defined in the system, but not the passwords. The command below sets the owner and group of the file to root.
Disable Source Routed Packet Acceptance
In networking, source routing allows a sender to partially or fully specify the route packets take through a network. In contrast, non-source routed packets travel a path determined by routers in the network. In some cases, systems may not be routable or reachable from some locations (e.g. private addresses vs. Internet routable), and so source routed packe ...
Disable IPv6 Redirect Acceptance
This setting prevents the system from accepting ICMP redirects. ICMP redirects tell the system about alternate routes for sending traffic.
Set Boot Loader Password
Setting the boot loader password will require that anyone rebooting the system must enter a password before being able to set command line boot parameters