[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 194475 Download | Alert*

The login window must be configured to prompt all users for both a username and a password. By default, the system displays a list of known users at the login screen. This gives an advantage to an attacker with physical access to the system, as the attacker would only have to guess the password for one of the listed accounts.

Controls whether the login window shows a list of non-local (other) users from which to choose when logging in, or shows fields in which a user and a password can be entered. In loginwindow.plist, set the SHOWOTHERUSERS_MANAGED key = false. If the key does not exist, a list of users is displayed.

The audit logs must not have extended ACLs. Use the chmod command to apply or remove the extended ACL permissions as appropriate.

Hide or display the shutdown button in the login window. In loginwindow.plist, set the ShutDownDisabled key = true to hide the button. If the key does not exist, the button is displayed.

The permissions of the audit configuration files must be 0555 or less. In /etc/security, audit_class, audit_control, audit_event, audit_warn, and audit_user permissions set via chmod.

Hide or display the sleep button in the login window. In loginwindow.plist, set the SleepDisabled key = true to hide the button. If the key does not exist, the button is displayed.

The audit tool executables should not have extended ACLs. Use the chmod command to apply or remove the extended ACL permissions as appropriate. In /usr/sbin, auditd, audit, auditreduce, and praudit set via chmod.

Controls when, and if, a password hint is given the user, based on the number of failed login attempts. In loginwindow.plist, set the RetriesUntilHint key = X to show a hint after X login failures, or set the key = 0 to disable hints.

Controls whether inactivity logs out a user and, if so, how many minutes are required to trigger logout. In .GlobalPreferences.plist, delete the AutoLogoutDelay key to disable inactivity logout.

The permissions of the /etc/services file must be 0644 or less. The services file contains information regarding the known services available in the DARPA Internet. For each service a single line should be present with the following information: official service name, port number, protocol name, aliases.


Pages:      Start    11570    11571    11572    11573    11574    11575    11576    11577    11578    11579    11580    11581    11582    11583    ..   19447

© SecPod Technologies