[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

251782

 
 

909

 
 

196543

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 30476 Download | Alert*

Restrict NFS Clients to Privileged Ports By default, the server NFS implementation requires that all client requests be made from ports less than 1024. If your organization has control over machines connected to its network, and if NFS requests are prohibited at the border firewall, this offers some protection against malicious requests from unprivileged users. Therefore, the default should not b ...

Disable Cache Support The 'cache' module allows 'httpd' to cache data, optimizing access to frequently accessed content. However, it introduces potential security flaws such as the possibility of circumventing 'Allow' and 'Deny' directives. If this functionality is unnecessary, comment out the module: '#LoadModule cache_module modules/mod_cache.so' If caching is required, it should not be enable ...

Configure Logwatch HostLimit Line On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The 'HostLimit' setting tells Logwatch to report on all hosts, not just the one on which it is running. ' HostLimit = no '

Set httpd ServerSignature Directive to Off 'ServerSignature Off' restricts 'httpd' from displaying server version number on error pages. Add or correct the following directive in '/etc/httpd/conf/httpd.conf': 'ServerSignature Off'

Disable HTTP Digest Authentication The 'auth_digest' module provides encrypted authentication sessions. If this functionality is unnecessary, comment out the related module: '#LoadModule auth_digest_module modules/mod_auth_digest.so'

Disable rexec Service The 'rexec' service, which is available with the 'rsh-server' package and runs as a service through xinetd, should be disabled. The 'rexec' service can be disabled with the following command: '$ sudo systemctl disable rexec'

Auditing of 'Account Logon: Kerberos Authentication Service' events on success should be enabled or disabled as appropriate.

To set the runtime status of the 'net.ipv4.conf.all.accept_source_route' kernel parameter, run the following command:

Ensure auditd Collects Information on the Use of Privileged Commands At a minimum the audit system should collect the execution of privileged commands for all users and root. To find the relevant setuid / setgid programs, run the following command for each local partition

Ensure gpgcheck Enabled In Main Yum Configuration The 'gpgcheck' option controls whether RPM packages' signatures are always checked prior to installation. To configure yum to check package signatures before installing them, ensure the following line appears in '/etc/yum.conf' in the '[main]' section: 'gpgcheck=1'


Pages:      Start    3025    3026    3027    3028    3029    3030    3031    3032    3033    3034    3035    3036    3037    3038    ..   3047

© SecPod Technologies