Tasks
|
Remarks
|
| |
Install and Configure SSH
|
Install
|
Disable Telnet
|
Use SSH , chsubserver -d -v telnet -p tcp
|
Disable FTP
|
Wait for user change, chsubserver -d -v ftp -p tcp
|
Disable Remote Shell
|
Use SSH, commend shell,login /etc/inetd.conf
|
Disable TFTP
|
chsubserver -d -v tftp -p udp
|
Remove
/etc/hosts.equiv
| |
Disable SNMP
|
chrctcp -d snmpd
chrctcp -d dpid2
chrctcp -d hostmibd
|
Disable
printer
|
Command piobe in /etc/inittab
|
Create
/etc/ftpusers
|
Allow specific on user to FTP
|
Remove empty
crontab files and
restrict file permissions
| |
Restrict at
and cron to authorized users
|
Create cron.allow , at.allow
|
Restrict root
logins to system console
|
chuser rlogin=false login=true
su=true sugroups=system root **single line**
|
Verify there
are no accounts with
empty password
fields
|
Check in /etc/passwd , /etc/security/passwd
|
Verify no UID
0 accounts exist
other than
root
| |
Remove
user .rhosts files
| |
Set Default
umask for users
|
077 set in /etc/security/user
|
Verify passwd
and group file permissions
| |
No '.' or
group/world-writable directory in root's $PATH
| |
/etc/hosts rw only root
|
chmod 644 /etc/hosts
|
/home/oracle/.profile rw on oracle
|
chmod 600 /home/oracle/.profile
|
Oracle user home set to 750
|
chmod 750 /home/oracle
|