Install mod_ssl
Install the 'mod_ssl' module: '$ sudo yum install mod_ssl'

Use Only Approved Ciphers
Limit the ciphers to those algorithms which are FIPS-approved. Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode. The following line in '/etc/ssh/sshd_config' demonstrates use of FIPS-approved ciphers: 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc' The man page 'sshd_config(5)' contains a list of supported ci ...

Disable Interactive Boot
To disable the ability for users to perform interactive startups, edit the file '/etc/sysconfig/init'. Add or correct the line: 'PROMPT=no' The 'PROMPT' option allows the console user to perform an interactive system startup, in which it is possible to select the set of services which are started on boot.

Serve Avahi Only via Required Protocol
If you are using only IPv4, edit '/etc/avahi/avahi-daemon.conf' and ensure the following line exists in the '[server]' section: 'use-ipv6=no' Similarly, if you are using only IPv6, disable IPv4 sockets with the line: 'use-ipv4=no'

Disable URL Correction on Misspelled Entries
The 'speling' module attempts to find a document match by allowing one misspelling in an otherwise failed request. If this functionality is unnecessary, comment out the module: '#LoadModule speling_module modules/mod_speling.so' This functionality weakens server security by making site enumeration easier.

Ensure the Default Umask is Set Correctly in /etc/profile
To ensure the default umask controlled by '/etc/profile' is set properly, add or correct the 'umask' setting in '/etc/profile' to read as follows: 'umask 077'

Configure Certificate Directives for LDAP Use of TLS
Ensure a copy of a trusted CA certificate has been placed in the file '/etc/pki/tls/CA/cacert.pem'. Configure LDAP to enforce TLS use and to trust certificates signed by that CA. First, edit the file '/etc/pam_ldap.conf', and add or correct either of the following lines: 'tls_cacertdir /etc/pki/tls/CA' or 'tls_cacertfile /etc/pki/tls/CA/cacer ...

Set Password to Maximum of Three Consecutive Repeating Characters
The pam_pwquality module's 'maxrepeat' parameter controls requirements for consecutive repeating characters. When set to a positive number, it will reject passwords which contain more than that number of consecutive characters. Modify the 'maxrepeat' setting in '/etc/security/pwquality.conf' to prevent a run of (

Do Not Use Dynamic DNS
To prevent the DHCP server from receiving DNS information from clients, edit '/etc/dhcp/dhcpd.conf', and add or correct the following global option: 'ddns-update-style none;'

Record Events that Modify the System's Discretionary Access Controls - removexattr
At a minimum the audit system should collect file permission changes for all users and root. If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a ...

© SecPod Technologies