Highest Voted 'hardening' Questions - Server Fault Stack Exchange

14

votes

2 answers

How to prevent users from extending their window of valid login

Been working on some security hardening procedures for a RedHat box, and I wanted to know if would be possible to prevent a user from changing his password, once it's expired. For one of our clients the requirement is that they must only have access…

asked Mar 18 '15 at 14:08

born to hula

243
1
7

14

votes

2 answers

SELinux vs. AppArmor vs. grsecurity

I have to set up a server that should be as secure as possible. Which security enhancement would you use and why, SELinux, AppArmor or grsecurity? Can you give me some tips, hints, pros/cons for those three? AFAIK: SELinux: most powerful but most…

linux security hardening

asked May 18 '10 at 11:45

Marco

8

votes

5 answers

Red Hat server minimal install

In a farm of virtualized Red Hat servers, there's the need to install a minimal system for security reasons. Minimal installs have several advantages (even no security related): Less exposure to vulnerabilities (if you don't need it, don't install…

redhat installation kickstart hardening

asked Jun 20 '09 at 08:06

chmeee

7,270
3
29
43

7

votes

5 answers

Services to disable on a newly installed CentOS 5.3 machine?

I've recently installed a CentOS 5.3 machine which I'm locking down for server usage in a headless environment (no GUI will be used on the machine). The server will be used as a combined web- and database server. I've disabled xfs and portmap since…

security centos hardening chkconfig

asked Aug 30 '09 at 21:13

knorv

1,789
6
19
29

7

votes

2 answers

Account Lockout with pam_tally2 in RHEL6

I am using pam_tally2 to lockout accounts after 3 failed logins per policy, however, the connecting user does not receive the error indicating pam_tally2's action. (Via SSH.) I expect to see on the 4th attempt: Account locked due to 3 failed…

redhat pam user-accounts rhel6 hardening

asked Nov 09 '12 at 20:15

Aaron Copley

12,345
5
46
67

7

votes

3 answers

CentOS 6 Minimal or Hardened Install

I am working on building some new CentOs 6 servers and creating documentation for the installation of said servers. I would like to create a base CentOS 6 server install that would be light on the packages to reduce bloat by default. Additionally,…

centos installation centos6 hardening

asked Jan 03 '12 at 22:57

John

2,266
6
44
60

6

votes

4 answers

How do I secure a Dell Idrac card?

I'm trying to completely lock down a server which has to exist outside of a firewall/directly routed to the internet and whilst I have hardened the base OS to the best of my ability, I had a moment of horror when I thought that if the worst should…

security remote-access dell drac hardening

asked May 01 '13 at 10:09

William Hilsum

3,506
5
28
39

5

votes

3 answers

What are some specific changes you make when hardening a new NetBSD install?

I know most of the general advice: "turn off unnecessary services", "no really, turn off unnecessary services", "least privilege", etc. I've also seen a few guides and/or tools, e.g., Bastille, for hardening Linux boxes, but nothing that seems…

hardening netbsd

asked Feb 02 '11 at 13:18

Hank Gay

365
3
11

4

votes

5 answers

Use Script To Edit Local Group Policy Windows Server 2012

I'm hardening a Windows Server 2012 R2 machine for serving secure web pages and following a guide that lays out multiple Local Group Policy Settings and Registry Settings. When researching how to automate this process I only find ways to export and…

group-policy windows-server-2012-r2 automation local hardening

asked Mar 25 '15 at 12:59

ibsk8in31

103
2
2
6

4

votes

5 answers

How Can I Enable MSS Group Policy Settings Windows Server 2012

In the past I have gone through a server hardening checklist on a Windows Server 2008 web server for PCI compliance. Basically there are a lot of Group Policy, Registry, and other settings that need to conform to the industry best practices for…

group-policy windows-server-2012-r2 pci-dss hardening

asked Jan 02 '15 at 15:14

ibsk8in31

103
2
2
6

4

votes

1 answer

Using App Pool Identity vs Local Account in IIS

I am supposed to harden web applications we have developed in our company.I decided to create separate application pool for each web site for this purpose. My question is whether using Application pool identity is more secure or using a separate…

iis web-server hardening

asked Oct 12 '14 at 12:47

Pooya Yazdani

267
5
11

4

votes

4 answers

Service to harden an Ubuntu Server

I have a webserver which is hosted on mosso- Ubuntu 8.04. It does not have Cpanel installed. I wanted know if anyone can recommend any good services to harden my server from hacking etc. I tried platinumservermanagement but they said that they need…

ubuntu security service hardening

asked Jul 25 '09 at 11:24

elated

289
5
13

4

votes

2 answers

WebDAV Security and Hardening

What are the security ramifications that one should be aware of when considering using WebDAV? How does one go about securing it? What else should I know about it?

webdav security hardening

asked May 22 '12 at 22:47

John

2,266
6
44
60

3

votes

2 answers

how to configure postfix behind haproxy?

During the last years I had an emailserver running for my small business without problems. Now that my company has grown, I wanted to add a bit of redundancy and added a failover emailserver with a loadbalancer in front (haproxy). All went fine…

postfix haproxy hardening vulnerability

asked Jul 17 '18 at 09:58

Joe Silencio

31
1
1
6

3

votes

0 answers

Changed policy: locked out local and domain administrator account on Windows Server 2012

I'm kind of a rookie when it comes to servers and server hardening. I was following the CIS benchmark for Windows Server 2012 and changed the allow log on locally policy to include administrator, domain administrator and guest account. I'm now…

windows group-policy domain windows-server-2012-r2 hardening

asked Mar 01 '16 at 12:09

Resitive

31
3

Questions tagged [hardening]