Archive for the 'Linux Support' Category

SBDavid

How to disable Wireless Drivers


Removing the kernel drivers that provide support for wireless Ethernet devices will prevent users from easily activating the devices.

To remove the wireless drivers from the system:

# rm -r /lib/modules/kernelversion(s)/kernel/drivers/net/wireless

SBDavid

The anacron subsystem


The anacron subsystem is designed to provide cron functionality for machines which may be shut down during the normal times that system cron jobs run, frequently in the middle of the night. Laptops and workstations which are shut down at night should keep anacron enabled, so that standard system cron jobs will run when the machine boots.

However, on machines which do not need this additional functionality, anacron represents another piece of privileged software which could contain vulnerabilities. Therefore, it should be removed when possible to reduce system risk.

Disable anacron if Possible

Is this a machine which is designed to run all the time, such as a server or a workstation which is left on at night? If so:

# yum erase anacron

How to confirm Existence and Permissions of System Log Files

For each log file LOGFILE referenced in /etc/syslog.conf or /etc/rsyslog.conf, run the commands:

# touch LOGFILE
# chown root:root LOGFILE
# chmod 0600 LOGFILE

Syslog will refuse to log to a file which does not exist. All messages intended for that file will be silently discarded, so it is important to verify that all log files exist. Some logs may contain sensitive information, so it is better to restrict permissions so that only administrative users can read or write logfiles.
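The check above can be scripted. The following is an added example, not part of the original post: it reads the classic "selector action" lines of a syslog configuration and reports every log file that is missing or not owned by root:root with mode 0600. The function names list_logfiles and audit_logfiles are hypothetical, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example: audit the log files named in /etc/syslog.conf or
# /etc/rsyslog.conf (classic "selector <whitespace> action" lines only).
# Usage (as root): . ./audit_logs.sh; audit_logfiles /etc/rsyslog.conf

# list_logfiles CONF: print each regular-file path used as an action.
list_logfiles() {
    # Skip comments and rsyslog "$" directives (blank lines have NF == 0).
    # The action is the last field; a leading "-" (no sync after each
    # write) is stripped. Remote (@host), pipe, user and /dev actions
    # are not log files and are ignored.
    awk 'NF >= 2 && $1 !~ /^[#$]/ {
             a = $NF; sub(/^-/, "", a)
             if (a ~ /^\// && a !~ /^\/dev\//) print a
         }' "$1" | sort -u
}

# audit_logfiles CONF [UID:GID]: report files that are missing, or whose
# numeric owner:group or mode differ from UID:GID (default 0:0, that is
# root:root) and 600. Returns 0 when every file passes, 1 otherwise.
audit_logfiles() {
    audit_owner=${2:-0:0}
    audit_rc=0
    for audit_f in $(list_logfiles "$1"); do
        if [ ! -f "$audit_f" ]; then
            # Messages for this file are being silently discarded.
            echo "MISSING $audit_f"; audit_rc=1; continue
        fi
        audit_meta=$(stat -c '%u:%g %a' "$audit_f")   # GNU stat format
        if [ "$audit_meta" != "$audit_owner 600" ]; then
            echo "BAD $audit_f ($audit_meta, want $audit_owner 600)"
            audit_rc=1
        fi
    done
    return "$audit_rc"
}
```

Each MISSING or BAD line is fixed with the touch, chown and chmod commands shown above.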

SBDavid

How to Configure Logging


There are two packages available in RHEL 5 for performing logging, and it is recommended that rsyslog be used.

No matter which logging software is used, a system should send its logs to a remote loghost. An intruder who has compromised the root account on a machine may delete the log entries which indicate that the system was attacked before they are seen by an administrator. If system logs are to be useful in detecting malicious activities, it is necessary to send them to a remote server.

The sysklogd software provides the default logging daemon for RHEL, but it has a number of downsides, including a lack of authentication for client or server, a lack of encryption, and no reliable transport for messages sent over a network. For these reasons, rsyslog is recommended instead (and it is also part of RHEL).

Network Parameters for Hosts Only System

If the system is not going to be used as a firewall or gateway to pass IP traffic between different networks, then edit the file /etc/sysctl.conf and add or correct the following lines:

net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

These settings prevent the host from performing network functions that are only appropriate for routers.
