On 11.10.19 22:40, Warren Young wrote: > On Oct 11, 2019, at 12:12 PM, Jerry Geis <jerry.geis@xxxxxxxxx> wrote: >> >> is there a script that is available that can be ran to bring >> a box up to current "accepted" levels ? > > I don’t know why you’d use a script for this at all. Just ship a new HTTPS configuration to each server. Apache loads all *.conf files in its configuration directory, so you might be able to just add another file to the existing config set. If not, then replace the existing config file instead. Instead of configuring every application separataly it would be nice if "accepted levels of security" could be set system wide. With 8 it seems there is such a thing https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening Although I believe that FIPS mode is also available in 7 I did not used neither system wide cryptographic policies nor FIPS mode so my post is more the theoretical one, but I thought it is on topic. -- Kind Regards, Markus Falb _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos