[Forgot Password]
Login  Register Subscribe

24437

 
 

131815

 
 

116564

 
 

909

 
 

91325

 
 

141

 
 
Paid content will be excluded from the download.

Filter
Matches : 24437 Download | Alert*

Set Deny For Failed Password Attempts To configure the system to lock out accounts after a number of incorrect login attempts using 'pam_faillock.so', modify the content of both '/etc/pam.d/system-auth' and '/etc/pam.d/password-auth' as follows: add the following line immediately 'before' the 'pam_unix.so' statement in the 'AUTH' section: auth required pam_faillock.so preauth silent deny=3 unloc ...

Install mod_security Install the 'security' module: '$ sudo yum install mod_security'

Record Attempts to Alter Time Through clock_settime If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a always,exit -F arch=b32 -S clock_settime -k audit_time_rules' If the system is 64 bit then also add the following line: '-a ...

Uninstall ypserv Package The 'ypserv' package can be uninstalled with the following command: '$ sudo yum erase ypserv'

Set Lockout Time For Failed Password Attempts To configure the system to lock out accounts after a number of incorrect login attempts and require an administrator to unlock the account using 'pam_faillock.so', modify the content of both '/etc/pam.d/system-auth' and '/etc/pam.d/password-auth' as follows: add the following line immediately 'before' the 'pam_unix.so' statement in the 'AUTH' sectio ...

Ensure that System Accounts Do Not Run a Shell Upon Login Some accounts are not associated with a human user of the system, and exist to perform some administrative function. Should an attacker be able to log into these accounts, they should not be granted access to a shell. The login shell for each local account is stored in the last field of each line in '/etc/passwd'. System accounts are thos ...

Disable Proxy Support The 'proxy' module provides proxying support, allowing 'httpd' to forward requests and serve as a gateway for other servers. If its functionality is unnecessary, comment out the module: '#LoadModule proxy_module modules/mod_proxy.so'

Disable Kernel Parameter for Accepting Secure Redirects By Default To set the runtime status of the 'net.ipv4.conf.default.secure_redirects' kernel parameter, run the following command:

Use Privacy Extensions for Address To introduce randomness into the automatic generation of IPv6 addresses, add or correct the following line in '/etc/sysconfig/network-scripts/ifcfg-interface': 'IPV6_PRIVACY=rfc3041' Automatically-generated IPv6 addresses are based on the underlying hardware (e.g. Ethernet) address, and so it becomes possible to track a piece of hardware over its lifetime using ...

Configure SELinux Policy The SELinux 'targeted' policy is appropriate for general-purpose desktops and servers, as well as systems in many other roles. To configure the system to use this policy, add or correct the following line in '/etc/selinux/config': 'SELINUXTYPE=targeted' Other policies, such as 'mls', provide additional security labeling and greater confinement but are not compatible with ...


Pages:      Start    4    5    6    7    8    9    10    11    12    13    14    15    16    17    ..   2443

© SecPod Technologies