The Redis server should always be protected with authentication; otherwise, any remote attacker can exploit this to gain unauthorized access to the server.

Description: The contents of the /etc/motd file are displayed to users after login and function as a message of the day for authenticated users. Rationale: If the /etc/motd file does not have the correct ownership it could be modified by unauthorized users with incorrect or misleading information. Audit: Run the following command and verify Uid and Gid are both 0/root and Access is 644 : # s ...

Description: ip6tables.service is a utility for configuring and maintaining ip6tables. Rationale: ip6tables.service will load the iptables rules saved in the file /etc/sysconfig/ip6tables at boot; otherwise the ip6tables rules will be cleared during a reboot of the system. Remediation: Run the following command to enable and start ip6tables: # systemctl --now enable ip6tables

Description: iptables.service is a utility for configuring and maintaining iptables. Rationale: iptables.service will load the iptables rules saved in the file /etc/sysconfig/iptables at boot; otherwise the iptables rules will be cleared during a reboot of the system. Remediation: Run the following command to enable and start iptables: # systemctl --now enable iptables

The eXtended InterNET Daemon ( xinetd ) is an open source super daemon that replaced the original inetd daemon. The xinetd daemon listens for well-known services and dispatches the appropriate daemon to properly respond to service requests. Rationale: If there are no xinetd services required, it is recommended that the package be removed. Fix: Run the following c ...

The inetd daemon listens for well-known services and dispatches the appropriate daemon to properly respond to service requests. Rationale: If there are no inetd services required, it is recommended that the daemon be removed. Fix: Run the following command to uninstall openbsd-inetd: # apt remove openbsd-inetd

The telnet package contains the telnet client, which allows users to start connections to other systems via the telnet protocol. Rationale: The telnet protocol is insecure and unencrypted. The use of an unencrypted transmission medium could allow an unauthorized user to steal credentials. The ssh package provides an encrypted session and stronger security and is included in most ...

The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database. Rationale: If the system will not need to act as an LDAP client, it is recommended that the software be removed to reduce the potential attack surface. Fix: Run the following comman ...

The rsyncd service can be used to synchronize files between systems over network links. Rationale: The rsyncd service presents a security risk as it uses unencrypted protocols for communication. Fix: Run the following command to disable rsync: # systemctl --now disable rsync

Hide or display the sleep button in the login window.


© SecPod Technologies