![]() Limit connections to services running on the host to authorized users of the service via firewalls and other access control technologies.Īll administrator or root access must be logged.Ĭonfigure log shipping to separate device/service (e.g. Network Security and Firewall Configuration ![]() Remove legacy services (e.g., telnet-server rsh, rlogin, rcp ypserv, ypbind tftp, tftp-server talk, talk-server).ĭisable any services and applications started by xinetd or inetd that are not being utilized.ĭisable legacy services (e.g., chargen-dgram, chargen-stream, daytime-dgram, daytime-stream, echo-dgram, echo-stream, tcpmux-server).ĭisable or remove server services that are not going to be utilized (e.g., FTP, DNS, LDAP, SMB, DHCP, NFS, SNMP, etc.). Set user/group owner to root, and permissions to read and write for root only, on /boot/grub2/grub.cfgĮnable randomized virtual memory region placement. Install the Red Hat GPG key and enable gpgcheck. Register with Red Hat Satellite Server so that the system can receive patch updates. Set sticky bit on all world-writable directories. Set nodev, nosuid, and noexec options on /dev/shm If machine is a new install, protect it from hostile network traffic, until the operating system is installed and hardened.Ĭonfigure the device boot order to prevent unauthorized booting from alternate media.Ĭreate a separate partition with the nodev, nosuid, and noexec options set for /tmpĬreate separate partitions for /var, /var/log, /var/log/audit, and /home ![]() Red Hat Enterprise Linux 7 Hardening Checklist | UT Austin Information Security Office retweet icon bullhorn icon reply icon info icon flickr icon tumblr icon vimeo icon reddit icon podcast icon angle-down icon angle-left icon angle-right icon angle-up icon ban icon hamburger icon book icon bookmark icon bug icon caret-down icon caret-left icon caret-right icon caret-up icon chain icon check icon check-circle icon chevron-down icon chevron-left icon chevron-right icon chevron-up icon circle icon circle-o icon clone icon close icon download-cloud icon code icon download icon ellipsis icon envelope icon warning icon external-link icon eye icon eye-slash icon facebook icon github icon google-plus icon heart icon heart-o icon home icon info-circle icon instagram icon linkedin icon lock icon medium icon minus-circle icon send icon pause-circle icon play-circle icon plus-circle icon question-circle icon quote-left icon quote-right icon rss-square icon search icon share-alt icon slack icon snapchat icon ticket icon twitter icon wheelchair icon youtube icon ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |