Tasks
|
Remarks
|
|
Install and Configure SSH
|
Install
|
ok
|
Disable Telnet
|
Use SSH , chsubserver -d -v telnet -p tcp
|
ok
|
Disable FTP
|
Wait for user change, chsubserver -d -v ftp -p tcp
|
IGNORE
Application require
|
Disable Remote Shell
|
Use SSH, commend shell,login /etc/inetd.conf
|
ok
|
Disable TFTP
|
chsubserver -d -v tftp -p udp
|
ok
|
Remove /etc/hosts.equiv
|
ok
| |
Disable SNMP
|
chrctcp -d snmpd
chrctcp -d dpid2
chrctcp -d hostmibd
|
ok
|
Disable printer
|
Command piobe in /etc/inittab
|
ok
|
Create /etc/ftpusers
|
Allow specific on user to FTP
|
ok
|
Remove empty crontab files and restrict file permissions
|
ok
| |
Restrict at and cron to authorized users
|
Create cron.allow , at.allow
|
ok
|
Restrict root logins to system console
|
chuser rlogin=false login=true su=true sugroups=system root
|
ok
|
Verify there are no accounts with empty password fields
|
Check in /etc/passwd , /etc/security/passwd
|
ok
|
Verify no UID 0 accounts exist other than root
|
ok
| |
Remove user .rhosts files
|
ok
| |
Set Default umask for users
|
077 set in /etc/security/user
|
IGNORE
Oracle recommend to 022
|
Verify passwd and group file permissions
|
ok
| |
No '.' or group/world-writable directory in root's $PATH
|
ok
| |
/etc/hosts rw only root
|
chmod 644 /etc/hosts
|
ok
|
/home/oracle/.profile rw on oracle
|
chmod 600 /home/oracle/.profile
|
ok
|
Oracle user home set to 750
|
chmod 750 /home/oracle
|
ok
|
| Power by < Khronos consulting co., ltd. > |
OS AIX BASIC Hardening
** Web
Subscribe to:
Post Comments (Atom)
Loading
0 comments:
Post a Comment