[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256488

 
 

909

 
 

199193

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 30477 Download | Alert*

Use Root-Squashing on All Exports If a filesystem is exported using root squashing, requests from root on the client are considered to be unprivileged (mapped to a user such as nobody). This provides some mild protection against remote abuse of an NFS server. Root squashing is enabled by default, and should not be disabled. Ensure that no line in '/etc/exports' contains the option 'no_root_squas ...

Restrict NFS Clients to Privileged Ports By default, the server NFS implementation requires that all client requests be made from ports less than 1024. If your organization has control over machines connected to its network, and if NFS requests are prohibited at the border firewall, this offers some protection against malicious requests from unprivileged users. Therefore, the default should not b ...

Disable GNOME3 Automounting The system's default desktop environment, GNOME3, will mount devices and removable media (such as DVDs, CDs and USB flash drives) whenever they are inserted into the system. To disable automount and autorun within GNOME3, the 'automount', 'automount-open', and 'autorun-never' settings must be set under an appropriate configuration file(s) in the '/etc/dconf/db/local.d ...

Disable DNS Server The 'named' service can be disabled with the following command: '$ sudo systemctl disable named'

Disable Zone Transfers from the Nameserver Is it necessary for a secondary nameserver to receive zone dat Avia zone transfer from the primary server? If not, follow the instructions in this section. If so, see the next section for instructions on protecting zone transfers. Add or correct the following directive within '/etc/named.conf': options { allow-transfer { none; }; ... }

Authenticate Zone Transfers If it is necessary for a secondary nameserver to receive zone dat Avia zone transfer from the primary server, follow the instructions here. Use dnssec-keygen to create a symmetric key file in the current directory: $ cd /tmp $ sudo dnssec-keygen -a HMAC-MD5 -b 128 -n HOST dns.example.com Kdns.example.com .+aaa +iiiii This output is the name of a file containing the ne ...

Disable Dynamic Updates Is there a mission-critical reason to enable the risky dynamic update functionality? If not, edit '/etc/named.conf'. For each zone specification, correct the following directive if necessary: zone "example.com " IN { allow-update { none; }; ... };

Disable vsftpd Service The 'vsftpd' service can be disabled with the following command: '$ sudo systemctl disable vsftpd'

Install vsftpd Package If this machine must operate as an FTP server, install the 'vsftpd' package via the standard channels. '$ sudo yum install vsftpd'

Place the FTP Home Directory on its Own Partition By default, the anonymous FTP root is the home directory of the FTP user account. The df command can be used to verify that this directory is on its own partition.


Pages:      Start    2989    2990    2991    2992    2993    2994    2995    2996    2997    2998    2999    3000    3001    3002    ..   3047

© SecPod Technologies