[CentOS-devel] CentOS - SIG Hardening
Jason Pyeron
jpyeron at pdinc.us
Mon Apr 13 13:33:15 UTC 2015
> -----Original Message-----
> From: Earl A Ramirez
> Sent: Monday, April 13, 2015 7:24
>
> Dear CentOS Development Team,
>
> I am interested in starting a new SIG or merging with the
> 'Hardening' SIG, I didn't find sufficient information about
> the hardening SIG. I have been on the mailing list for some
> years and I have noticed a number of concerns with regards to
> security, e.g. the default sshd_config, gnome user list and more.
I have been patching/rebuilding RHEL/Centos RPMs to comply with the STIGs. This sounds interesting.
>
> My goal is to use the base and modify the OS with these
> changes and make it available for the CentOS community, I
> will mention this on the mailing list to get the community
> feedback so that they can have an opportunity to contribute,
> and more importantly get an OS that meets their needs, with
> regards to their security concerns.
>
> I'm not too familiar with the CentOS build system, however I
> started to read up on it and practice to get a feel on
> things. Some of the things that I will like to change are as follow:
>
> SSH:
> disable root (uncomment 'PermitRootLogin' and change to no)
> enable 'strictMode'
> modify 'MaxAuthTries'
> modify 'ClientAliveInterval'
> modify 'ClientAliveCountMax'
>
> Gnome:
> disable Gnome user list
>
> Console:
> Remove reboot, halt poweroff from /etc/security/console.app
>
>
> Looking forward for your response on how can I proceed with this?
>
>
>
> --
>
> Kind Regards
> Earl Ramirez
>
>
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- -
- Jason Pyeron PD Inc. http://www.pdinc.us -
- Principal Consultant 10 West 24th Street #100 -
- +1 (443) 269-1555 x333 Baltimore, Maryland 21218 -
- -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
More information about the CentOS-devel
mailing list