
Re: Checklist (was Re: OS Hardening)

I think I must contribute these, which (I think) I didn't see mailed
to the list:

- configure /etc/lilo.conf with password and restricted
- partition and configure /etc/fstab with nodev,nosuid,noexec
- protect against spoofing in:
	- /etc/hosts.conf adding 'nospoof on'
	- adding '1' to /proc/sys/net/ipv4/conf/*/rm_filter
	- using PARANOID in wrappers (someone has already mentioned this)
- patching kernel with openwall+lids
- adjust /proc with:
	- Enable TCP SYN Cookie protection in /proc/sys/net/ipv4/tcp_syncookies
	- Enable always defragging protection in
	- Enable broadcast echo protection in
	- Enable bad error message protection in
	- Enable IP spoofing protection (turn Source Address Verification on) in
	- Disable ICMP Redirect Acceptance in /proc/sys/net/ipv4/conf/*/accept_redirects and
	- Disable Source Routed Packets in
	- Log Spoofed Packets, Source Routed Packets, Redirect Packets in

I think I saw some of these lines in a default install, but ...

mailto:guilherme@nortenet.pt || http://www.nortenet.pt/~guilherme
"All bits used in this post are recycled !"
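
A read-only audit of the checklist items that name a concrete file, as an added example that is not part of the original post. It checks `rp_filter`, the kernel's name for the source address verification setting; the function names, the `ROOT` argument and the choice of `/tmp` as a separately mounted partition are assumptions.

```shell
#!/bin/sh
# Added example: audit settings from the checklist. Nothing is modified.

# check_proc [ROOT]: print one line per /proc value that differs from the
# hardened one; return 1 if any differs. ROOT (assumption) lets the check run
# against a copy of the tree; the default is the live /proc.
check_proc() {
    root=${1:-}; rc=0
    # Each spec is "path-pattern:wanted-value" under /proc/sys/net/ipv4.
    for spec in "tcp_syncookies:1" "conf/*/rp_filter:1" "conf/*/accept_redirects:0"; do
        want=${spec##*:}
        # The unquoted expansion lets the shell expand conf/* per interface.
        for f in "$root"/proc/sys/net/ipv4/${spec%:*}; do
            [ -r "$f" ] || { echo "MISSING $f"; rc=1; continue; }
            got=$(cat "$f")
            [ "$got" = "$want" ] || { echo "FAIL $f=$got want $want"; rc=1; }
        done
    done
    return $rc
}

# check_fstab FILE MOUNTPOINT OPT...: print each OPT absent from the options
# field of MOUNTPOINT's entry; return 1 if any is absent or there is no entry.
check_fstab() {
    file=$1; mnt=$2; shift 2
    opts=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { print $4; exit }' "$file")
    [ -n "$opts" ] || { echo "NOENTRY $mnt"; return 1; }
    rc=0
    for o in "$@"; do
        case ",$opts," in
            *",$o,"*) ;;                            # option present
            *) echo "FAIL $mnt lacks $o"; rc=1 ;;
        esac
    done
    return $rc
}

# Run against the live system only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    check_proc
    # Assumption: /tmp is its own partition; repeat per partition as needed.
    check_fstab /etc/fstab /tmp nodev nosuid noexec
fi
```

A value of 2 in `rp_filter` (loose mode on newer kernels) is reported as a failure because the checklist asks for 1.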
