Require packet signing of clients who mount Samba shares using the mount.cifs program (e.g., those who
specify shares in /etc/fstab). To do so, ensure that signing options (either sec=krb5i or sec=ntlmv2i) are
If user home directories will be stored locally, create a separate
partition for /home. If /home will be mounted from another system such as an NFS server, then
creating a separate partition is not necessary at this time, and the mountpoi ...
Audit logs are stored in the /var/log/audit directory.
Ensure that it has its own partition or logical volume. Make absolutely certain
that it is large enough to store all audit logs that will be created by the auditing
The /var directory is used by daemons and other system
services to store frequently-changing data. It is not uncommon for the /var directory
to contain world-writable directories, installed by other software packages.
The default setting for accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for network interfaces as appropriate.
To ensure that signature checking is not disabled for any repos, ensure that the following line DOES NOT
appear in any repo con���guration ���les in /etc/yum.repos.d or elsewhere
>Verify the integrity of installed packages by comparing the installed ���les with
information about the ���les taken from the package metadata stored in the RPM