[CentOS-devel] CentOS - SIG Hardening

Mon Apr 13 11:24:27 UTC 2015
Earl A Ramirez <earlaramirez at gmail.com>

Dear CentOS Development Team,

I am interested in starting a new SIG or merging with the ‘Hardening’ SIG,
I didn’t find sufficient information about the hardening SIG. I have been
on the mailing list for some years and I have noticed a number of concerns
with regards to security, e.g. the default sshd_config, gnome user list and
more.

My goal is to use the base and modify the OS with these changes and make it
available for the CentOS community, I will mention this on the mailing list
to get the community feedback so that they can have an opportunity to
contribute, and more importantly get an OS that meets their needs, with
regards to their security concerns.

I’m not too familiar with the CentOS build system, however I started to
read up on it and practice to get a feel on things. Some of the things that
I will like to change are as follow:

SSH:
disable root (uncomment 'PermitRootLogin' and change to no)
enable 'strictMode'
modify 'MaxAuthTries'
modify 'ClientAliveInterval'
modify 'ClientAliveCountMax'

Gnome:
disable Gnome user list

Console:
Remove reboot, halt poweroff from /etc/security/console.app

Looking forward for your response on how can I proceed with this?


-- 
Kind Regards
Earl Ramirez
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20150413/2bca59a2/attachment-0007.html>