[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 30475 Download | Alert*

Disable rlogin Service The 'rlogin' service, which is available with the 'rsh-server' package and runs as a service through xinetd, should be disabled. The 'rlogin' service can be disabled with the following command: '$ sudo systemctl disable rlogin'

Disable telnet Service The 'telnet' service configuration file '/etc/xinetd.d/telnet' is not created automatically. If it was created manually, check the '/etc/xinetd.d/telnet' file and ensure that 'disable = no' is changed to read 'disable = yes' as follows below: # description: The telnet server serves telnet sessions; it uses \\ # unencrypted username/password pairs for authentication. ...

Configure mountd to use static port Configure the 'mountd' daemon to use a static port as opposed to letting the RPC Bind service dynamically assign a port. Edit the file '/etc/sysconfig/nfs'. Add or correct the following line: 'MOUNTD_PORT=statd-port' Where 'mountd-port' is a port which is not used by any other service on your network.

Record Attempts to Alter Logon and Logout Events The audit system already collects login info for all users and root. To watch for attempted manual edits of files involved in storing logon events, add the following to '/etc/audit/audit.rules': '-w /var/log/faillog -p wa -k logins -w /var/log/lastlog -p wa -k logins'

Disable Zeroconf Networking Zeroconf networking allows the system to assign itself an IP address and engage in IP communication without a statically-assigned address or even a DHCP server. Automatic address assignment via Zeroconf (or DHCP) is not recommended. To disable Zeroconf automatic route assignment in the 169.254.0.0 subnet, add or correct the following line in '/etc/sysconfig/network': ' ...

Remove Rsh Trust Files The files '/etc/hosts.equiv' and '~/.rhosts' (in each user's home directory) list remote hosts and users that are trusted by the local system when using the rshd daemon. To remove these files, run the following command to delete them from any location: '$ sudo rm /etc/hosts.equiv' '$ rm ~/.rhosts'

Disable Server Activity Status The 'status' module provides real-time access to statistics on the internal operation of the web server. This may constitute an unnecessary information leak and should be disabled unless necessary. To do so, comment out the related module: '#LoadModule status_module modules/mod_status.so' If there is a critical need for this module, ensure that access to the status ...

Disable LDAP Support The 'ldap' module provides HTTP authentication via an LDAP directory. If its functionality is unnecessary, comment out the related modules: #LoadModule ldap_module modules/mod_ldap.so #LoadModule authnz_ldap_module modules/mod_authnz_ldap.so If LDAP is to be used, SSL encryption should be used as well.

Disable rsh Service The 'rsh' service, which is available with the 'rsh-server' package and runs as a service through xinetd, should be disabled. The 'rsh' service can be disabled with the following command: '$ sudo systemctl disable rsh'

Prevent Log In to Accounts With Empty Password If an account is configured for password authentication but does not have an assigned password, it may be possible to log into the account without authentication. Remove any instances of the 'nullok' option in '/etc/pam.d/system-auth' to prevent logins with empty passwords.


Pages:      Start    3021    3022    3023    3024    3025    3026    3027    3028    3029    3030    3031    3032    3033    3034    ..   3047

© SecPod Technologies