Hello, I am in the process of hardening my Bastion Hosts before exposing them externally. I have noticed quite a bit of press about LIDS and the kernel control. I am testing it out on non-production boxes with RH 7.3, however I needed to use a stock kernel. My production Bastion hosts are RH ES v.3. I do not want to use a stock kernel on those machines. I have noticed [very little] press online regarding the ability to "manually" remove super user kernel capabilities by either/or editing the capability.h file or using other software like lcap. I have limited knowledge of libcap, but it seems to sport some of the same features as lcap (the ability to remove capabilities). Can anyone point me toward documentation regarding the process of removing some of these capabilities using any of the methods above? thanks Joe E. UpFront Technology -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
