[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 26408 Download | Alert*

Verify User/Group Ownership on /etc/shadow The /etc/shadow file contains the one-way cipher text passwords for each user defined in the /etc/passwd file. The command below sets the user and group ownership of the file to root.

Set Password Expiration Days The PASS_MAX_DAYS parameter in /etc/login.defs allows an administrator to force passwords to expire once they reach a defined age. It is recommended that the PASS_MAX_DAYS parameter be set to less than or equal to 90 days.

Set SSH Protocol to 2 SSH supports two different and incompatible protocols: SSH1 and SSH2. SSH1 was the original protocol and was subject to security issues. SSH2 is more advanced and secure.

Keep All Auditing Information Normally, auditd will hold 4 logs of maximum log file size before deleting older log files.

Disable SCTP The Stream Control Transmission Protocol (SCTP) is a transport layer protocol used to support message oriented communication, with several streams of messages in one connection. It serves a similar function as TCP and UDP, incorporating features of both. It is message-oriented like UDP, and ensures reliable in-sequence transport of messages with congestion control like TCP.

Make the Audit Configuration Immutable "Set system audit so that audit rules cannot be modified with auditctl. Setting the flag ""-e 2"" forces audit to be put in immutable mode. Audit changes can only be made on system reboot."

Configure logrotate The system includes the capability of rotating log files regularly to avoid filling up the system with logs or making the logs unmanageable large. The file /etc/logrotate.d/rsyslog is the configuration file used to rotate log files created by rsyslog.

Configure rsyslog to Send Logs to a Remote Log Host The rsyslog utility supports the ability to send logs it gathers to a remote log host running syslogd(8) or to receive messages from remote hosts, reducing administrative overhead.

Enable Bad Error Message Protection Setting icmp_ignore_bogus_error_responses to 1 prevents the kernel from logging bogus responses (RFC-1122 non-compliant) from broadcast reframes, keeping file systems from filling up with useless log messages.

Verify Permissions on /etc/hosts.allow The /etc/hosts.allow file contains networking information that is used by many applications and therefore must be readable for these applications to operate.

Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   2640

© SecPod Technologies