On 11.10.19 22:40, Warren Young wrote:
> On Oct 11, 2019, at 12:12 PM, Jerry Geis <jerry.geis@xxxxxxxxx> wrote:
>>
>> is there a script that is available that can be ran to bring
>> a box up to current "accepted" levels ?
>
> I don’t know why you’d use a script for this at all. Just ship a new HTTPS configuration to each server. Apache loads all *.conf files in its configuration directory, so you might be able to just add another file to the existing config set. If not, then replace the existing config file instead.
Instead of configuring every application separataly it would be nice if
"accepted levels of security" could be set system wide.
With 8 it seems there is such a thing
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening
Although I believe that FIPS mode is also available in 7
I did not used neither system wide cryptographic policies nor FIPS mode
so my post is more the theoretical one, but I thought it is on topic.
--
Kind Regards, Markus Falb
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
