Archive for the tag 'Disable'

SBDavid
Jun 6th, 2012

How to disable Interactive Boot

How to disable Interactive Boot

Edit the file /etc/sysconfig/init. Add or correct the setting:

PROMPT=no

The PROMPT option allows the console user to perform an interactive system startup, in which it is possible to select the set of services which are started on boot. Using interactive boot, the console user could disable auditing, firewalls, or other services, weakening system security

SBDavid
Jun 2nd, 2012

How to disable and Remove SETroubleshoot

How to disable and Remove SETroubleshoot

Disable the service and remove the RPM:

# chkconfig setroubleshoot off
# yum erase setroubleshoot

The setroubleshoot service is a facility for notifying the desktop user of SELinux denials in a user-friendly fashion. SELinux errors may provide important information about intrusion attempts in progress, or may give information about SELinux configuration problems which are preventing correct system operation. In order to maintain a secure and usable SELinux installation, error logging and notification is necessary.

SBDavid
May 13th, 2012

Disable Mounting of Uncommon Filesystem Types

Disable Mounting of Uncommon Filesystem Types

Append the following lines to /etc/modprobe.conf in order to prevent the usage of uncommon filesystem types:

install cramfs /bin/true
install freevxfs /bin/true
install jffs2 /bin/true
install hfs /bin/true
install hfsplus /bin/true
install squashfs /bin/true
install udf /bin/true

Using the install command inside /etc/modprobe.conf instructs the kernel module loading system to run the command specified (here, /bin/true) instead of inserting the module in the kernel as normal. This effectively prevents usage of these uncommon filesystems.

SBDavid
May 9th, 2012

Disable Modprobe Loading of USB Storage Driver

Disable Modprobe Loading of USB Storage Driver

If USB storage devices should not be used, the modprobe program used for automatic kernel module loading should be configured to not load the USB storage driver upon demand.

Add the following line to /etc/modprobe.conf to prevent loading of the usb-storage kernel module:

install usb-storage /bin/true

This will prevent the modprobe program from loading the usb-storage module, but will not prevent an administrator (or another program) from using the insmod program to load the module manually.

SBDavid
Apr 12th, 2012

Disable the rhnsd Daemon

Disable the rhnsd Daemon

The rhnsd daemon polls the Red Hat Network web site for scheduled actions. Unless it is actually
necessary to schedule updates remotely through the RHN website, it is recommended that the service
be disabled.

# chkconfig rhnsd off

The rhnsd daemon is enabled by default, but until the system has been registered with the Red Hat
Network, it will not run. However, once the registration process is complete, the rhnsd daemon
will run in the background and periodically call the rhn check utility. It is the rhn check
utility that communicates with the Red Hat Network web site.

« Prev - Next »