-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jim, Under Pam modifications: auth required pam_tally2.so onerr=fail unlock_time=60 no_magic_root account required pam_tally2.so deny=3 no_magic_root per_user deny=3 should be in auth. It's not allowed in account. no_magic_root is not a valid option for pam_tally2, only for pam_tally. The default behavior for pam_tally2 is no_magic_root. You need to supply the magic_root flag to enable the magic_root behavior. Under Sysctl Security: The "net.ipv4.icmp_ignore_bogus_error_messages = 1" doesn't appear to be valid, but it's included in the NSA guide, as well as other reputable sources. It's probably best to not include this While this is technically correct, there is no net.ipv4.icmp_ignore_bogus_error_messages. However there is net.ipv4.icmp_ignore_bogus_error_responses. That should be the the entry in /etc/sysctl.conf Thanks, William - -----Original Message----- From: centos-docs-bounces at centos.org [mailto:centos-docs-bounces at centos.org] On Behalf Of Jim Perrin Sent: Friday, August 21, 2009 1:21 PM To: Mail list for wiki articles Subject: Re: [CentOS-docs] Wiki Edits: HowTos/OS_Protection On Fri, Aug 21, 2009 at 12:57 PM, Voyek, William<wvoyek at edmc.edu> wrote: > Hello, > > > > There are some errors on the HowTos/OS_Protection page on the CentOS wiki. I > would like to correct the errors. Sure. What are you seeing as errors though? - -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell _______________________________________________ CentOS-docs mailing list CentOS-docs at centos.org http://lists.centos.org/mailman/listinfo/centos-docs -----BEGIN PGP SIGNATURE----- Version: 9.10.0 (Build 500) Charset: utf-8 wsBVAwUBSo8GedBiDE1p8+k6AQiSXgf/QAzVkFAALI4pW9mfAZbCdJCUz7RFY4Hq o7KwOdvARlHPPzoxDt/pMO9jnPtefbRpm2uTBr0KygYLHZlT6bGCljefIkKNtCR0 rd+lShQIlDFpQB1xpwMMtYqiAdLwumv0GSXcliNBp1X6IAFryPTh2emmWwgYhG3H 7rqUEm+h9nih+5hII+Y+CeRN9JyPC9dXJYy3U4Xp5vZiK9H+MjdoUm3I0CwJv2ib KLhkcNwkgXYocwbomv2+KXrgjbxWye3RqLeJFlNga+QDO4JlZv+uxEUfzQ/7Y+Og ytkcfwZLeUgPum3bNU93IUeb2mqlgRsF+gkGxmm4Bpw3K+AnQlQvNA== =zCOm -----END PGP SIGNATURE-----