Questions tagged [hardening]
43 questions
0 votes, 0 answers
DCOM Hardening and Delphi Clients: Why does it work?
We've the following settings: Two machines with the latest patch-level of updates and there are no registry patches applied to bypass the DCOM Hardening for Windows.
That means, a client which tries to connect to the server needs at least the…

vesan
0 votes, 0 answers
Docker service update/create command has option to add the --read-only flag to make the root file system read-only. Is there any option to remove it?
I have created a docker swarm service with --read-only mode, which makes the container's root file system read-only. Now I just want to remove the read-only option of the running container. All the other existing options should be kept…

Susmita Mandal
0 votes, 0 answers
How to avoid inputting $CATALINA_HOME and $CATALINA_BASE interactively?
*** 2 values are required. ***
Apache Tomcat $CATALINA_HOME (/opt/tomcat/): ??
Apache Tomcat $CATALINA_BASE (/opt/tomcat/): ??
I do not know what input I need to provide here. Can someone help me?
This is related to CIS-CAT Scan which we use for…

Naveena PR
0 votes, 1 answer
Daemon Umask in RHEL 8
I'm working on a hardening task for RHEL 8. The current step is to set the daemon umask. I've tried to find the /etc/sysconfig.init file to add umask 027, but it doesn't exist like on RHEL 7.
Where can I configure this umask on RHEL 8?

Tu Tran
0 votes, 0 answers
MySQL: Change the host of the users using RENAME and a variable with the values
I created a procedure to try to change the host wildcard into 'localhost', but it returns an error when it processes the host with the wildcard.
This is my code:
DELIMITER //
CREATE OR REPLACE PROCEDURE wildcardprocedure()
BEGIN
DECLARE done BOOLEAN DEFAULT…
0 votes, 0 answers
Removing IIS server header from WebDeploy on port 8172
I'm looking after a bit of server hardening for PCI DSS and can remove the headers from IIS no problem for standard sites but my compliance scanner is reporting (correctly) that port 8172 for MS Web deployment of packages is announcing the IIS/10…

Andy
0 votes, 1 answer
What code changes must be made to handle DCOM hardening? (CVE-2021-26414) (KB5004442)
Our clients are having issues with DCOM errors and the issues appear related to the so-called "DCOM hardening" (CVE-2021-26414) (KB5004442). So we need to change our DCOM server processes and DCOM client processes so that they work now and they…

Null Pointers etc.
0 votes, 1 answer
How to prevent a Java application from executing processes on GNU/Linux?
In other words, are modern GNU/Linux or JVM (ideally Java 11+) able to prevent a Java process from executing other processes?
Issues such as Log4Shell and Spring4Shell seem possible because the JVM allows a Java application to execute other…

pyb
0 votes, 1 answer
FileNotFoundError: [Errno2]: No Such file or directory:
I am trying to make a server hardening script for my work, part of it is to install wazuh-agent on the servers that will be connected to a SIEM manager.
The script has 2 parts, one where it adds the repo entry - that works fine.
The second part…

hj-
0 votes, 0 answers
How to run a script on the host targeting each container that's running after 'docker-compose up -d'
I'm trying to follow CIS Security Benchmark for Docker containers and there are checks like "Use --pids-limit flag with an appropriate value when launching the container" that I can't do if I'm using version 3 of docker-compose.
So I was thinking on…

Victor Praxedes
0 votes, 1 answer
How do I configure NodeRestriction plug-in on kubelet?
Let's start with some context:
I'm studying CKS and reading CIS_Kubernetes_Benchmark_v1.6.0.pdf and there's a confusing section:
1.2.17 Ensure that the admission control plugin NodeRestriction is set (Automated)
...
Verify that the…

neoakris
0 votes, 1 answer
Postfix Log: non-SMTP command from unknown IP address, "GET /aaa9 HTTP/1.1"
I was troubleshooting some configurations on my mail server (postfix + dovecot) and while reviewing /var/log/syslog for postfix, I found that around 3am, postfix received a connection from an unknown IP and was issued a non-SMTP command, "GET /aaa9…

DrTinyCat
0 votes, 0 answers
Edit Local Group Policy with PowerShell
I have been looking into auditing my group policy using PowerShell. However, being a small group not using Active Directory, the answers I have found do not work because they employ RSAT, which requires a domain to be configured. These issues are…

Tyler Wright
0 votes, 1 answer
Can I create a generalized VM image with RDP disabled
How can we create a Windows VM image with RDP disabled for VMs created from that image? I want to publish an RDP-hardened image.

s-a-n
0 votes, 1 answer
Hardening AWS EC2 Instances
I launched an AWS ECS cluster with 4 EC2 instances with the ECS-optimized AMI 2 years ago. The system was working fine, but due to systems hardening compliance, I need to update my ECS cluster EC2 instances with the latest ECS-optimized AMI.
I can…

Bala krishna