apply also ideas from this document: https://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.130 -- Eero 2015-04-22 9:30 GMT+03:00 Tim <lists at kiuni.de>: > I am very interested. > > One of my suggestions: > > Firewall: > Network based firewall zone assignment (possibly disabling interface based > assignment) > > Regards > Tim > > Am 22. April 2015 07:13:52 MESZ, schrieb Earl A Ramirez < > earlaramirez at gmail.com>: > >Dear All, > > > >About a week ago; I posted a proposal over on the centos-devel mailing > >list, the proposal is for a SIG 'CentOS hardening', there were a few of > >the members of the community who are also interested in this. > >Therefore, > >I am extending that email to this community; where there is a larger > >community. > > > >Some things that we will like to achieve are as follows: > >SSH: > >disable root (uncomment 'PermitRootLogin' and change to no) > >enable 'strictMode' > >modify 'MaxAuthTries' > >modify 'ClientAliveInterval' > >modify 'ClientAliveCountMax' > > > >Gnome: > >disable Gnome user list > > > >Console: > >Remove reboot, halt poweroff from /etc/security/console.app > > > >Applying security best practises from various compliance perspective, > >e.g. STIG, SOX, PCI etc... We may also use NSA RHEL 5 secure > >configuration guide to get some insight or use it as a baseline. The > >members of the community who are interested in this SIG or are willing > >to contribute are: > >Leam Hall > >Corey Henderson > >Jason Pyeron > > > >You can find the post here [0] > > > >We will really like to get SIG approved by the CentOS board so if > >anyone > >is interested or willing to contribute we will be happy to have you > >onboard. > > > >[0] > >http://lists.centos.org/pipermail/centos-devel/2015-April/013197.html > > > >-- > >Earl A Ramirez <earlaramirez at gmail.com> > > > >_______________________________________________ > >CentOS mailing list > >CentOS at centos.org > >http://lists.centos.org/mailman/listinfo/centos > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >