[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

246852

 
 

909

 
 

194149

 
 

282

 
 
Paid content will be excluded from the download.

Filter
Matches : 30385 Download | Alert*

Disable Logwatch on Clients if a Logserver Exists Does your site have a central logserver which has been configured to report on logs received from all systems? If so: $ sudo rm /etc/cron.daily/0logwatch If no logserver exists, it will be necessary for each machine to run Logwatch individually. Using a central logserver provides the security and reliability benefits discussed earlier, and ...

Enable auditd Service The 'auditd' service is an essential userspace component of the Linux Auditing System, as it is responsible for writing audit records to disk. The 'auditd' service can be enabled with the following command: '$ sudo systemctl enable auditd'

Record Attempts to Alter Time Through stime If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d' for both 32 bit and 64 bit systems: '-a always,exit -F arch=b32 -S stime -k audit_time_rules' Since the 64 bit version of the "stime" sys ...

System Audit Logs Must Be Owned By Root To properly set the owner of '/var/log', run the command:

Record Attempts to Alter Logon and Logout Events The audit system already collects login info for all users and root. To watch for attempted manual edits of files involved in storing logon events, add the following to '/etc/audit/audit.rules': '-w /var/log/faillog -p wa -k logins -w /var/log/lastlog -p wa -k logins'

Ensure auditd Collects Information on the Use of Privileged Commands At a minimum the audit system should collect the execution of privileged commands for all users and root. To find the relevant setuid / setgid programs, run the following command for each local partition

Disable xinetd Service The 'xinetd' service can be disabled with the following command: '$ sudo systemctl disable xinetd'

Disable rexec Service The 'rexec' service, which is available with the 'rsh-server' package and runs as a service through xinetd, should be disabled. The 'rexec' service can be disabled with the following command: '$ sudo systemctl disable rexec'

Disable rsh Service The 'rsh' service, which is available with the 'rsh-server' package and runs as a service through xinetd, should be disabled. The 'rsh' service can be disabled with the following command: '$ sudo systemctl disable rsh'

Disable rlogin Service The 'rlogin' service, which is available with the 'rsh-server' package and runs as a service through xinetd, should be disabled. The 'rlogin' service can be disabled with the following command: '$ sudo systemctl disable rlogin'


Pages:      Start    3019    3020    3021    3022    3023    3024    3025    3026    3027    3028    3029    3030    3031    3032    ..   3038

© SecPod Technologies