分类: 网络与安全
2006-07-22 10:39:48
only the user who belongs to the wheel group permits su
command.
add following content in /etc/pam.d/su:
“
auth required /lib/security/$ISA/pam_wheel.so use_uid “
prohibits root user login from remote..
Describe "PermitRootLogin no" in /etc/ssh/sshd_config.
telnet shoud be prohibited.
Add following description in configuration file: /etc/xinetd.d/telnet :
「disable = yes」.
IP forwarding function should be disabled.
Add description in configuration file /etc/sysctl.conf:
“
net.ipv4.ip_forward = 0. “
"IP Spoofing attack" protection should be enabled.
Add description in configuration file /etc/sysctl.conf:
“
net.ipv4.conf.all.rp_filter = 1.”
6,禁止ICMP redirection packet
OS should not accept ICMP redirection packet..
Add description in configuration file /etc/sysctl.conf:
“
net.ipv4.conf.all.accept_redirects = 0.”
7,禁止relay ICMP redirection packet
OS should not relay ICMP redirection packet..
Add description in configuration file /etc/sysctl.conf:
“
net.ipv4.conf.all.send_redirects = 0.”
OS should not reply to broadcast ICMP packet.
Add description in configuration file /etc/sysctl.conf:
“
net.ipv4.icmp_echo_ignore_broadcasts = 1.”
OS should avoid the time stamp.
Add description in configuration file /etc/sysctl.conf:
“
net.ipv4.tcp_timestamps = 0.”
OS should restrain the warning of the replying of the imitation to the broadcast frame.
Add description in configuration file /etc/sysctl.conf:
“
net.ipv4.icmp_ignore_bogus_error_responses = 1.”
OS should enable the SYN cookie against SYN flood attack.
Add description in configuration file /etc/sysctl.conf:
“
