Re: SIG - Hardening

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



apply also ideas from this document:
https://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.130

--
Eero

2015-04-22 9:30 GMT+03:00 Tim <lists@xxxxxxxx>:

> I am very interested.
>
> One of my suggestions:
>
> Firewall:
> Network based firewall zone assignment (possibly disabling interface based
> assignment)
>
> Regards
> Tim
>
> Am 22. April 2015 07:13:52 MESZ, schrieb Earl A Ramirez <
> earlaramirez@xxxxxxxxx>:
> >Dear All,
> >
> >About a week ago; I posted a proposal over on the centos-devel mailing
> >list, the proposal is for a SIG 'CentOS hardening', there were a few of
> >the members of the community who are also interested in this.
> >Therefore,
> >I am extending that  email to this community; where there is a larger
> >community.
> >
> >Some things that we will like to achieve are as follows:
> >SSH:
> >disable root (uncomment 'PermitRootLogin' and change to no)
> >enable 'strictMode'
> >modify 'MaxAuthTries'
> >modify 'ClientAliveInterval'
> >modify 'ClientAliveCountMax'
> >
> >Gnome:
> >disable Gnome user list
> >
> >Console:
> >Remove reboot, halt poweroff from /etc/security/console.app
> >
> >Applying security best practises from various compliance perspective,
> >e.g. STIG, SOX, PCI etc... We may also use NSA RHEL 5 secure
> >configuration guide to get some insight or use it as a baseline. The
> >members of the community who are interested in this SIG or are willing
> >to contribute are:
> >Leam Hall
> >Corey Henderson
> >Jason Pyeron
> >
> >You can find the post here [0]
> >
> >We will really like to get SIG approved by the CentOS board so if
> >anyone
> >is interested or willing to contribute we will be happy to have you
> >onboard.
> >
> >[0]
> >http://lists.centos.org/pipermail/centos-devel/2015-April/013197.html
> >
> >--
> >Earl A Ramirez <earlaramirez@xxxxxxxxx>
> >
> >_______________________________________________
> >CentOS mailing list
> >CentOS@xxxxxxxxxx
> >http://lists.centos.org/mailman/listinfo/centos
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux