Ensure /tmp Located On Separate Partition
The '/tmp' directory is a world-writable directory used
for temporary file storage. Ensure it has its own partition or
logical volume at installation time, or migrate it using LVM.

Set Password Strength Minimum Different Categories
The pam_cracklib module's 'minclass' parameter sets how many different
character classes (types of character) a password must contain
before it is considered valid. For example, setting this value to three (3) requires that
any password have characters from at least three different categories in order to be

Verify that System Executables Have Restrictive Permissions
System executables are stored in the following directories by default:
No file in these directories should be group-writable or world-writable.
If any file

Disable Support for RPC IPv6
RPC services for NFSv4 try to load transport modules for
'udp6' and 'tcp6' by default, even if IPv6 has been disabled in
'/etc/modprobe.d'. To prevent RPC services such as 'rpc.mountd'
from attempting to start IPv6 network listeners, remove or comment out the
following two lines in '/etc/netconfig':
udp6 tpi_clts v inet6 udp - -

Manually Assign Global IPv6 Address
To manually assign an IP address for an interface, edit the
file '/etc/sysconfig/network-scripts/ifcfg-interface'. Add or correct the
following line (substituting the correct IPv6 address):
Manually assigning an IP address is preferable to accepting one from routers or
otherwise from the network. The example address here is an IPv6 ...

Use Privacy Extensions for Address
To introduce randomness into the automatic generation of IPv6
addresses, add or correct the following line in
Automatically-generated IPv6 addresses are based on the underlying hardware
(e.g. Ethernet) address, and so it becomes possible to track a piece of
hardware over its lifetime using ...