[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 30475 Download | Alert*

Title: Ensure journald log rotation is configured per site policy (SystemMaxUse) Description: Journald includes the capability of rotating log files regularly to avoid filling up the system with logs or making the logs unmanageably large. The file /etc/systemd/journald.conf is the configuration file used to specify how logs generated by Journald should be rotated. Rationale: By keeping ...

Title: Ensure remote login warning banner is configured properly Description: The contents of the /etc/issue.net file are displayed to users prior to login for remote connections from configured services. Unix-based systems have typically displayed information about the OS release and patch level upon logging in to the system. This information can be useful to developers who are develo ...

Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the information system (e.g., module or policy filter). Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-0000 ...

Description: GDM is the GNOME Display Manager which handles graphical login for GNOME based systems. The disable-user-list option controls is a list of users is displayed on the login screen. Rationale: Displaying the user list eliminates half of the Userid/Password equation that an unauthorized person would need to log on. Fix: Edit or create the file ...

Description: By default GNOME automatically mounts removable media when inserted as a convenience to the user. Rationale: With automounting enabled anyone with physical access could attach a USB drive or disc and have its contents available in system even if they lacked permissions to mount it themselves. Fix: Edit or create the file /etc/dconf/db/loca ...

Description: The `nosuid` mount option specifies that the filesystem cannot contain `setuid` files. Rationale: Setting this option on a file system prevents users from introducing privileged programs onto the system and allowing non-root users to execute them. Audit: Verify that the `nosuid` option is set if a `/var` partition exists.Run the following command and verify that nothing is returned:# ...

Title: Ensure nodev option set on /var/log/audit partition Description: The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var/log/audit filesystem is not intended to support devices, set this option to ensure that users cannot create a block or character special devices in /var/log/audit . Audit: Verify that the nodev opti ...

Title: Ensure nosuid option set on /var/log/audit partition Description: The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var/log/audit filesystem is only intended for variable files such as logs, set this option to ensure that users cannot create setuid files in /var/log/audit . Audit: Verify that the nosuid option is se ...

Title: Ensure core dump backtraces are disabled Description: A core dump is the memory of an executable program. It is generally used to determine why a program aborted. It can also be used to glean confidential information from a core file. Rationale: A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain se ...

X Display Manager Control Protocol (XDMCP) is designed to provide authenticated access to display management services for remote displays. Rationale: XDMCP is inherently insecure. 1. XDMCP is not a ciphered protocol. This may allow an attacker to capture keystrokes entered by a user 2. XDMCP is vulnerable to man-in-the-middle attacks. This may allow an attacker to ...


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   3047

© SecPod Technologies