
Mount Remote Filesystems with nosuid

Mount Remote Filesystems with nodev

Disable Booting from USB Devices in Boot Firmware
Configure the system boot firmware (historically called BIOS on PC systems) to disallow booting from USB drives.

Disable Kernel Support for USB via Bootloader Configuration
All USB support can be disabled by adding the 'nousb' argument to the kernel's boot loader configuration. To do so, append "nousb" to the kernel line in '/etc/grub.conf' as shown: 'kernel /vmlinuz-

Remove the X Windows Package Group
Removing all packages which constitute the X Window System ensures users or malicious software cannot start X. To do so, run the following command: '$ sudo yum groupremove "X Window System"'

Bind Mount /var/tmp To /tmp
The '/var/tmp' directory is a world-writable directory. Bind-mount it to '/tmp' in order to consolidate temporary storage into one location protected by the same techniques as '/tmp'. To do so, edit '/etc/fstab' and add the following line: '/tmp /var/tmp none rw,nodev,noexec,nosuid,bind 0 0' See the 'mount(8)' man page for further explanation of bind ...

Add nosuid Option to /dev/shm
The 'nosuid' mount option can be used to prevent execution of setuid programs in '/dev/shm'. The SUID and SGID permissions should not be required in these world-writable directories.

Add noexec Option to /dev/shm
The 'noexec' mount option can be used to prevent binaries from being executed out of '/dev/shm'. It can be dangerous to allow the execution of binaries from world-writable temporary storage directories such as '/dev/shm'.

Add nodev Option to /dev/shm
The 'nodev' mount option can be used to prevent creation of device files in '/dev/shm'. Legitimate character and block devices should not exist within temporary directories like '/dev/shm'.

Add nosuid Option to /tmp
The 'nosuid' mount option can be used to prevent execution of setuid programs in '/tmp'. The SUID and SGID permissions should not be required in these world-writable directories.



© SecPod Technologies