[CentOS] SIG - Hardening

Wed Apr 22 05:13:52 UTC 2015
Earl A Ramirez <earlaramirez at gmail.com>

Dear All,

About a week ago; I posted a proposal over on the centos-devel mailing
list, the proposal is for a SIG 'CentOS hardening', there were a few of
the members of the community who are also interested in this. Therefore,
I am extending that  email to this community; where there is a larger
community. 

Some things that we will like to achieve are as follows:
SSH:
disable root (uncomment 'PermitRootLogin' and change to no)
enable 'strictMode'
modify 'MaxAuthTries'
modify 'ClientAliveInterval'
modify 'ClientAliveCountMax'

Gnome:
disable Gnome user list

Console:
Remove reboot, halt poweroff from /etc/security/console.app

Applying security best practises from various compliance perspective,
e.g. STIG, SOX, PCI etc... We may also use NSA RHEL 5 secure
configuration guide to get some insight or use it as a baseline. The
members of the community who are interested in this SIG or are willing
to contribute are:
Leam Hall
Corey Henderson
Jason Pyeron

You can find the post here [0]

We will really like to get SIG approved by the CentOS board so if anyone
is interested or willing to contribute we will be happy to have you
onboard.

[0]
http://lists.centos.org/pipermail/centos-devel/2015-April/013197.html

-- 
Earl A Ramirez <earlaramirez at gmail.com>