Re: SIG - Hardening

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



I am very interested.

One of my suggestions:

Firewall:
Network based firewall zone assignment (possibly disabling interface based assignment)

Regards
Tim

Am 22. April 2015 07:13:52 MESZ, schrieb Earl A Ramirez <earlaramirez@xxxxxxxxx>:
>Dear All,
>
>About a week ago; I posted a proposal over on the centos-devel mailing
>list, the proposal is for a SIG 'CentOS hardening', there were a few of
>the members of the community who are also interested in this.
>Therefore,
>I am extending that  email to this community; where there is a larger
>community. 
>
>Some things that we will like to achieve are as follows:
>SSH:
>disable root (uncomment 'PermitRootLogin' and change to no)
>enable 'strictMode'
>modify 'MaxAuthTries'
>modify 'ClientAliveInterval'
>modify 'ClientAliveCountMax'
>
>Gnome:
>disable Gnome user list
>
>Console:
>Remove reboot, halt poweroff from /etc/security/console.app
>
>Applying security best practises from various compliance perspective,
>e.g. STIG, SOX, PCI etc... We may also use NSA RHEL 5 secure
>configuration guide to get some insight or use it as a baseline. The
>members of the community who are interested in this SIG or are willing
>to contribute are:
>Leam Hall
>Corey Henderson
>Jason Pyeron
>
>You can find the post here [0]
>
>We will really like to get SIG approved by the CentOS board so if
>anyone
>is interested or willing to contribute we will be happy to have you
>onboard.
>
>[0]
>http://lists.centos.org/pipermail/centos-devel/2015-April/013197.html
>
>-- 
>Earl A Ramirez <earlaramirez@xxxxxxxxx>
>
>_______________________________________________
>CentOS mailing list
>CentOS@xxxxxxxxxx
>http://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux