Filter
Top Products
Choosing a Migration Path
Install-time Security Considerations
Chapter 246
Table 2-3 Host-based Sec10Host Install-time Security Settings
a
Category Actions
Logins and
Passwords
Deny login unless home directory exists
Deny non-root logins if /etc/nologin file exists
Set a default path for su command
Disable root logins from network tty
Hide encrypted passwords
Disallow ftpd system account logins
Disable remote X logins
File System,
Network, and Kernel
Modify ndd settings
b,c
Restrict remote access to swlist
Set default umask
Enable kernel-based stack execute protection
Daemons
Disable ptydaemon
Disable pwgrd
Disable rbootd
Disable NFS client daemons
Disable NFS server
Disable NIS client programs
Disable NIS server programs
Disable SNMPD
inetd Services
Deactivate bootp
Deactivate inetd’s built-in services
Deactivate CDE helper services
Deactivate finger
Deactivate ident
Deactivate klogin and kshell
Deactivate ntalk
Deactivate login, shell, and exec services
Deactivate swat
Deactivate printer
Deactivate recserv
Deactivate tftp
Deactivate time
Deactivate uucp
Enable logging for all inetd connections
sendmail
Run sendmail via cron to process queue
Stop sendmail from running in daemon mode
Disable vrfy and expn commands