Make the auditd Configuration Immutable
Add the following to '/etc/audit/audit.rules' in order to make the configuration immutable: '-e 2'. With this setting, a reboot will be required to change any audit rules.

Disable Web Server Configuration Display
The 'info' module creates a web page that displays the configuration of the web server. This can leak information unnecessarily, so the module should be disabled. If its functionality is unnecessary, comment out the module: '#LoadModule info_module modules/mod_info.so'. If there is a critical need for this module, use the 'Location' directive to provide an access ...

Remove telnet Clients
The telnet client allows users to start connections to other systems via the telnet protocol.

Configure SNMP Service to Use Only SNMPv3 or Newer
Edit '/etc/snmp/snmpd.conf', removing any references to 'rocommunity', 'rwcommunity', or 'com2sec'. Then restart the SNMP service: '$ sudo service snmpd restart'

Enable the SSL flag in /etc/dovecot.conf
To allow clients to make encrypted connections, the 'ssl' flag in Dovecot's configuration file needs to be set to 'yes'. Edit '/etc/dovecot/conf.d/10-ssl.conf' and add or correct the following line: 'ssl = yes'

Ensure tftp Daemon Uses Secure Mode
If running the 'tftp' service is necessary, it should be configured to change its root directory at startup. To do so, ensure '/etc/xinetd.d/tftp' includes '-s' as a command line argument, as shown in the following example (which is also the default): 'server_args = -s /var/lib/tftpboot'

Configure auditd admin_space_left Action on Low Disk Space
The 'auditd' service can be configured to take an action when disk space is running low but prior to running out of space completely. Edit the file '/etc/audit/auditd.conf'. Add or modify the following line, substituting

Use Root-Squashing on All Exports
If a filesystem is exported using root squashing, requests from root on the client are considered to be unprivileged (mapped to a user such as nobody). This provides some mild protection against remote abuse of an NFS server. Root squashing is enabled by default, and should not be disabled. Ensure that no line in '/etc/exports' contains the option 'no_root_squas ...

Uninstall dovecot Package
The 'dovecot' package can be uninstalled with the following command: '$ sudo yum erase dovecot'

Enable Randomized Layout of Virtual Address Space
To set the runtime status of the 'kernel.randomize_va_space' kernel parameter, run the following command:

