Questions tagged [hardening]

75 questions
14
votes
2 answers

How to prevent users from extending their window of valid login

Been working on some security hardening procedures for a RedHat box, and I wanted to know if would be possible to prevent a user from changing his password, once it's expired. For one of our clients the requirement is that they must only have access…
born to hula
  • 243
  • 1
  • 7
14
votes
2 answers

SELinux vs. AppArmor vs. grsecurity

I have to set up a server that should be as secure as possible. Which security enhancement would you use and why, SELinux, AppArmor or grsecurity? Can you give me some tips, hints, pros/cons for those three? AFAIK: SELinux: most powerful but most…
Marco
8
votes
5 answers

Red Hat server minimal install

In a farm of virtualized Red Hat servers, there's the need to install a minimal system for security reasons. Minimal installs have several advantages (even no security related): Less exposure to vulnerabilities (if you don't need it, don't install…
chmeee
  • 7,270
  • 3
  • 29
  • 43
7
votes
5 answers

Services to disable on a newly installed CentOS 5.3 machine?

I've recently installed a CentOS 5.3 machine which I'm locking down for server usage in a headless environment (no GUI will be used on the machine). The server will be used as a combined web- and database server. I've disabled xfs and portmap since…
knorv
  • 1,789
  • 6
  • 19
  • 29
7
votes
2 answers

Account Lockout with pam_tally2 in RHEL6

I am using pam_tally2 to lockout accounts after 3 failed logins per policy, however, the connecting user does not receive the error indicating pam_tally2's action. (Via SSH.) I expect to see on the 4th attempt: Account locked due to 3 failed…
Aaron Copley
  • 12,345
  • 5
  • 46
  • 67
7
votes
3 answers

CentOS 6 Minimal or Hardened Install

I am working on building some new CentOs 6 servers and creating documentation for the installation of said servers. I would like to create a base CentOS 6 server install that would be light on the packages to reduce bloat by default. Additionally,…
John
  • 2,266
  • 6
  • 44
  • 60
6
votes
4 answers

How do I secure a Dell Idrac card?

I'm trying to completely lock down a server which has to exist outside of a firewall/directly routed to the internet and whilst I have hardened the base OS to the best of my ability, I had a moment of horror when I thought that if the worst should…
William Hilsum
  • 3,506
  • 5
  • 28
  • 39
5
votes
3 answers

What are some specific changes you make when hardening a new NetBSD install?

I know most of the general advice: "turn off unnecessary services", "no really, turn off unnecessary services", "least privilege", etc. I've also seen a few guides and/or tools, e.g., Bastille, for hardening Linux boxes, but nothing that seems…
Hank Gay
  • 365
  • 3
  • 11
4
votes
5 answers

Use Script To Edit Local Group Policy Windows Server 2012

I'm hardening a Windows Server 2012 R2 machine for serving secure web pages and following a guide that lays out multiple Local Group Policy Settings and Registry Settings. When researching how to automate this process I only find ways to export and…
4
votes
5 answers

How Can I Enable MSS Group Policy Settings Windows Server 2012

In the past I have gone through a server hardening checklist on a Windows Server 2008 web server for PCI compliance. Basically there are a lot of Group Policy, Registry, and other settings that need to conform to the industry best practices for…
ibsk8in31
  • 103
  • 2
  • 2
  • 6
4
votes
1 answer

Using App Pool Identity vs Local Account in IIS

I am supposed to harden web applications we have developed in our company.I decided to create separate application pool for each web site for this purpose. My question is whether using Application pool identity is more secure or using a separate…
Pooya Yazdani
  • 267
  • 5
  • 11
4
votes
4 answers

Service to harden an Ubuntu Server

I have a webserver which is hosted on mosso- Ubuntu 8.04. It does not have Cpanel installed. I wanted know if anyone can recommend any good services to harden my server from hacking etc. I tried platinumservermanagement but they said that they need…
elated
  • 289
  • 5
  • 13
4
votes
2 answers

WebDAV Security and Hardening

What are the security ramifications that one should be aware of when considering using WebDAV? How does one go about securing it? What else should I know about it?
John
  • 2,266
  • 6
  • 44
  • 60
3
votes
2 answers

how to configure postfix behind haproxy?

During the last years I had an emailserver running for my small business without problems. Now that my company has grown, I wanted to add a bit of redundancy and added a failover emailserver with a loadbalancer in front (haproxy). All went fine…
Joe Silencio
  • 31
  • 1
  • 1
  • 6
3
votes
0 answers

Changed policy: locked out local and domain administrator account on Windows Server 2012

I'm kind of a rookie when it comes to servers and server hardening. I was following the CIS benchmark for Windows Server 2012 and changed the allow log on locally policy to include administrator, domain administrator and guest account. I'm now…
1
2 3 4 5