Verify Only Root Has UID 0
If any account other than root has a UID of 0, this misconfiguration should be investigated and the accounts other than root should be removed or have their UID changed.

Ensure /tmp Located On Separate Partition
The '/tmp' directory is a world-writable directory used for temporary file storage. Ensure it has its own partition or logical volume at installation time, or migrate it using LVM.

Set Password Strength Minimum Different Categories
The pam_cracklib module's 'minclass' parameter controls requirements for usage of different character classes, or types, of character that must exist in a password before it is considered valid. For example, setting this value to three (3) requires that any password must have characters from at least three different categories in order to be appr ...

Verify that System Executables Have Restrictive Permissions
System executables are stored in the following directories by default: /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin All files in these directories should not be group-writable or world-writable. If any file

Disable Interface Usage of IPv6
To disable interface usage of IPv6, add or correct the following lines in '/etc/sysconfig/network':
NETWORKING_IPV6=no
IPV6INIT=no

Disable Support for RPC IPv6
RPC services for NFSv4 try to load transport modules for 'udp6' and 'tcp6' by default, even if IPv6 has been disabled in '/etc/modprobe.d'. To prevent RPC services such as 'rpc.mountd' from attempting to start IPv6 network listeners, remove or comment out the following two lines in '/etc/netconfig': udp6 tpi_clts v inet6 udp - - tcp6 ...

Disable Accepting IPv6 Router Advertisements
To set the runtime status of the 'net.ipv6.conf.default.accept_ra' kernel parameter, run the following command:

Disable Accepting IPv6 Redirects
This setting prevents the system from accepting ICMP redirects. ICMP redirects tell the system about alternate routes for sending traffic.

Manually Assign Global IPv6 Address
To manually assign an IP address for an interface, edit the file '/etc/sysconfig/network-scripts/ifcfg-interface'. Add or correct the following line (substituting the correct IPv6 address): 'IPV6ADDR=2001:0DB8::ABCD/64' Manually assigning an IP address is preferable to accepting one from routers or from the network otherwise. The example address here is an IPv6 ...

Use Privacy Extensions for Address
To introduce randomness into the automatic generation of IPv6 addresses, add or correct the following line in '/etc/sysconfig/network-scripts/ifcfg-interface': 'IPV6_PRIVACY=rfc3041' Automatically-generated IPv6 addresses are based on the underlying hardware (e.g. Ethernet) address, and so it becomes possible to track a piece of hardware over its lifetime using ...

