OS AIX BASIC Hardening

** Web


Tasks
Remarks




Install and Configure SSH
Install
ok
Disable Telnet
Use SSH , chsubserver -d -v telnet -p tcp
ok
Disable FTP
Wait for user change, chsubserver -d -v ftp -p tcp
IGNORE
Application require
Disable Remote Shell
Use SSH, commend shell,login /etc/inetd.conf
ok
Disable TFTP
chsubserver -d -v tftp -p udp
ok
Remove /etc/hosts.equiv

ok
Disable SNMP
chrctcp -d snmpd
chrctcp -d dpid2
chrctcp -d hostmibd
ok
Disable printer
Command piobe in /etc/inittab
ok
Create /etc/ftpusers
Allow specific on user to FTP
ok
Remove empty crontab files and restrict file permissions

ok
Restrict at and cron to authorized users
Create cron.allow , at.allow
ok
Restrict root logins to system console
chuser rlogin=false login=true su=true sugroups=system root
ok
Verify there are no accounts with empty password fields
Check in /etc/passwd , /etc/security/passwd
ok
Verify no UID 0 accounts exist other than root

ok
Remove user  .rhosts files

ok
Set Default umask for users
077  set in /etc/security/user
IGNORE
Oracle recommend to 022
Verify passwd and group file permissions

ok
No '.' or group/world-writable directory in root's $PATH

ok
/etc/hosts   rw only root
chmod  644 /etc/hosts
ok
/home/oracle/.profile  rw on oracle
chmod  600 /home/oracle/.profile
ok
Oracle user home set to 750
chmod 750 /home/oracle
ok

0 comments:

Loading