1.5 Install the seccheck package
# rpm -ql seccheck
/etc/cron.d/seccheck
/usr/lib/secchk
/usr/lib/secchk/checkneverlogin
/usr/lib/secchk/security-control.sh
/usr/lib/secchk/security-daily.sh
/usr/lib/secchk/security-monthly.sh
/usr/lib/secchk/security-weekly.sh
/usr/share/doc/packages/seccheck
/usr/share/doc/packages/seccheck/CHANGES
/usr/share/doc/packages/seccheck/LICENCE
/usr/share/doc/packages/seccheck/README
/usr/share/doc/packages/seccheck/TODO
/var/adm/fillup-templates/sysconfig.seccheck
/var/lib/secchk
/var/lib/secchk/data
3.3 Disable postfix Server, If Possible Fail
在 Linux 上禁用 Postfix
1.浏览到以下文件夹:
/etc/rc.d/rc5.d
2.输入以下命令,停止后处理文件:
./S15postfix stop
3.输入以下命令重命名 Postfix,防止它在服务器重新启动时也重新启动:
mv S15postfix K15postfix
4.重新启动服务器。
5.启动 Workplace Messaging SMTP 入站服务。
4.1 Network Parameter Modifications Fail
4.2 Additional Network Parameter Modifications
7.3 Prevent X Server From Listening On Port 6000/tcp Fail
It depends a little on how you start X. If you start from console (startx), edit your /usr/X11R6/lib/X11/xinit/xserverrc to look something like this:
Code:
startx -- -nolisten tcp
xhosts +local:
On the other hand if you start X with xdm, edit your /etc/X11/xdm/Xserver and add "-nolisten tcp" to the command. That should keep the port closed. Kdm and gdm are probably the same procedure as xdm.
if u want it closed u could also use iptables:
iptables -A INPUT -p tcp --dport 6000 -j DROP
but setting it to no-listen would seem to be a better 1st step.
7.4 Restrict at/cron To Authorized Users Fail
7.6 Configure xinetd Access Control Fail
8.1 Block System Accounts
9.2 Create Warnings For GUI-Based Logins Fail
# rpm -ql seccheck
/etc/cron.d/seccheck
/usr/lib/secchk
/usr/lib/secchk/checkneverlogin
/usr/lib/secchk/security-control.sh
/usr/lib/secchk/security-daily.sh
/usr/lib/secchk/security-monthly.sh
/usr/lib/secchk/security-weekly.sh
/usr/share/doc/packages/seccheck
/usr/share/doc/packages/seccheck/CHANGES
/usr/share/doc/packages/seccheck/LICENCE
/usr/share/doc/packages/seccheck/README
/usr/share/doc/packages/seccheck/TODO
/var/adm/fillup-templates/sysconfig.seccheck
/var/lib/secchk
/var/lib/secchk/data
3.3 Disable postfix Server, If Possible Fail
在 Linux 上禁用 Postfix
1.浏览到以下文件夹:
/etc/rc.d/rc5.d
2.输入以下命令,停止后处理文件:
./S15postfix stop
3.输入以下命令重命名 Postfix,防止它在服务器重新启动时也重新启动:
mv S15postfix K15postfix
4.重新启动服务器。
5.启动 Workplace Messaging SMTP 入站服务。
4.1 Network Parameter Modifications Fail
4.2 Additional Network Parameter Modifications
7.3 Prevent X Server From Listening On Port 6000/tcp Fail
It depends a little on how you start X. If you start from console (startx), edit your /usr/X11R6/lib/X11/xinit/xserverrc to look something like this:
Code:
startx -- -nolisten tcp
xhosts +local:
On the other hand if you start X with xdm, edit your /etc/X11/xdm/Xserver and add "-nolisten tcp" to the command. That should keep the port closed. Kdm and gdm are probably the same procedure as xdm.
if u want it closed u could also use iptables:
iptables -A INPUT -p tcp --dport 6000 -j DROP
but setting it to no-listen would seem to be a better 1st step.
7.4 Restrict at/cron To Authorized Users Fail
7.6 Configure xinetd Access Control Fail
8.1 Block System Accounts
9.2 Create Warnings For GUI-Based Logins Fail
1617
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
