Questions tagged [hardening]

78 questions
3
votes
1 answer

Account Lockout with pam_faillock in RHEL6

Previously, I asked about using pam_tally2 under RHEL6. I would like to pose this question and answer to document the recommended use of pam_faillock over pam_tally2 for the same function; What is the recommended strategy for temporary account…
Aaron Copley
3
votes
2 answers

NFS server + client : Recommended hardening / final touches

We have just set up a lovely little NFS share / client for the first time. a) The UID for files on the client side is showing up as 4294967294 when listed via ls, but the client is able to create and remove files / dirs in the share. Files and…
anonymous-one
3
votes
1 answer

Does anyone know about updates to Bastille for Unix/Linux?

I'm just wondering whether the Bastille project is still active or not. Which alternative tools are proper for both Unix and Linux? Thank you very much.
3
votes
5 answers

Windows hardening

Can anyone point me at some good resources on hardening Windows servers and desktops? From 2000 upwards. Thanks.
zorba
3
votes
2 answers

Recommendations for sysctl.conf settings to harden Linux against DDoS attacks?

A recent article from UNIXy http://blog.unixy.net/2010/08/the-penultimate-guide-to-stopping-a-ddos-attack-a-new-approach/ has suggestions to harden a Linux box against DDoS attacks. Example of sysctl.conf net.ipv4.tcp_syncookies =…
Eureka Ikara
3
votes
3 answers

Users cleaning in debian

I'm running a webserver at slicehost and decided to delete unused/unnecessary users. But I really don't know which ones are necessary for the system to work. I use it as an Apache webserver with MySQL, PHP, memcached, SSH and ProFTPD. This is the list…
The Disintegrator
2
votes
3 answers

securing/hardening ntp client on Linux servers - config file

I have a clean install of Debian with the NTP client. I was given settings to secure my NTP client configuration. I know how to add them to the /etc/ntp.conf file but I am not sure if settings need to be merged or overwritten, if order matters, or…
IMTheNachoMan
2
votes
0 answers

Attempting to delete cron directory in docker gives "Invalid argument"

I'm trying to write a hardening script to remove the cron directory in an alpine Linux based docker image. docker run -it alpine:3.7 rm -rf /var/spool/cron rm: can't remove '/var/spool/cron': Invalid argument Sometimes the cron directory appears to…
Daniel Powell
2
votes
3 answers

Hardening Apache: How to disable Apache manual or make it unreachable?

I just found requests like this in my access log: 180.76.15.134 - - [30/Oct/2017:22:38:05 +0100] "GET /manual/en/server-wide.html HTTP/1.1" 200 3551 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" Accessing…
Robert
2
votes
1 answer

Windows Server 2016 + CIS security benchmarks: "access denied" on GP objects, locked out of all shares incl. SYSVOL

We have got an Active Directory domain with Windows Server 2016 on the domain controller and up-to-date Windows 10 on all clients. Not long ago I began deploying the Center for Internet Security (CIS) Level-1 security benchmarks on the domain via…
Marecki
2
votes
1 answer

Hardening web server cyphers: which cypher list to choose, or how to map between Mozilla and Hynek

Until now I was only aware of Hynek Schlawack's blog post on hardening web server cyphers having a relatively short list of cyphers. But recently I found How to fix 'logjam' vulnerability in Apache (httpd) which points to the much longer…
2
votes
3 answers

SELinux restrict Apache/PHP access

I installed a minimal CentOS system with Apache, PHP and SELinux in a default configuration: SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: …
jbrsn
2
votes
1 answer

CIS benchmark differences between 2008R2 to 2012R2

I'm looking at hardening our golden image in line with the CIS benchmarks for Windows Server 2008R2 and 2012R2. But, after looking at the two benchmark documents (registration required - sorry) from CIS, the 2008 document format is different and…
House
2
votes
1 answer

Hardening Ubuntu with Docker.io

I am new to Docker so please keep in mind. The old way: Create cloud instance Add Ubuntu OS Provision / harden Linux via Chef Develop app locally Deploy via Capistrano or some other deployment tool The docker way: Create cloud instance …
csi
2
votes
3 answers

Which services to disable on a CentOs 5.8 web/database server?

I have just set up my CentOS 5.8 64 [final] server as a webserver. Specs: 2x E5620 Intel CPU, DDR3 RAM, Hardware Adaptec RAID 10, 4x SAS drives. I have installed myself: Nginx PHP-FPM MySQL [ourdelta.org version] Sphinx Vsftpd Fail2ban Citadel…
Mr.Boon