File: server_configurations.txt

package info (click to toggle)
bastille 1:1.3.0-2.1
  • links: PTS
  • area: main
  • in suites: woody
  • size: 1,576 kB
  • ctags: 397
  • sloc: perl: 8,407; sh: 1,879; ansic: 638; makefile: 203; csh: 17
file content (89 lines) | stat: -rw-r--r-- 2,658 bytes parent folder | download | duplicates (4)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
The server configurations include three security levels.  They start
the following major servers turned off: DNS, Mail, Web, FTP and DHCP.
Then then modify those, based on which of the five major server types
the user asks for.

Server configuration in Lax security level:

No firewalling
Disable SUID status from dump/restore, cardctl, dosemu, news server programs
Enforce password aging
Password protect single user mode
Add additional logging
Disable apmd, NFS, Samba, pcmcia, DHCP server, news server, routing daemons,
 NIS, SNMPD
Disable VRFY/EXPN data mining commands into sendmail
Deactivate named (dns)
Deactivate apache (web)
Deactivate apache Server Side Includes (SSI)
Set umask to 022
Set security level to 2
Apply file permission level 2
Deactivate telnet
Deactivate ftp
Activate security checks



Server configuration in Moderate security level:

Moderate firewalling
Disable SUID status from dump/restore, cardctl, dosemu, news server programs
Disable SUID status from rsh, rlogin
Disable rhost-based authentication
Enforce password aging
Password protect single user mode
Add additional logging
Disable apmd, NFS, Samba, pcmcia, DHCP server, news server, routing daemons,
 NIS, SNMPD
Disable gpm
Disable VRFY/EXPN data mining commands into sendmail
Deactivate named (dns)
Deactivate apache (web)
Deactivate apache Server Side Includes (SSI)
Deactivate apache CGI script execution
Disable FTP user mode
Disable FTP anonymous mode
Set umask to 022
Set security level to 3
Apply file permission level 3
Restrict "." from the PATH variable
Deactivate telnet
Deactivate ftp
Activate security checks


Server configuration in Paranoia security level:

Strong firewalling
Disable SUID status from dump/restore, cardctl, dosemu, news server programs
Disable SUID status from rsh, rlogin
Disable SUID status for mount, umount, ping, at, usernetctl, traceroute
Disable rhost-based authentication
Disable cron use to everyone but root
Enforce password aging
Enforce limits on resources to prevent DoS attack
Password protect single user mode
Add additional logging
Disable apmd, NFS, Samba, pcmcia, DHCP server, news server, routing daemons,
 NIS, SNMPD
Disable gpm
Disable VRFY/EXPN data mining commands into sendmail
Deactivate named (dns)
Deactivate apache (web)
Deactivate apache Server Side Includes (SSI)
Deactivate apache CGI script execution
Deactivate apache's following of symlinks
Disable printing
Disable FTP user mode
Disable FTP anonymous mode
Activate TMPDIR protection
Set umask to 077
Set security level to 4
Apply file permission level 4
Restrict "." from the PATH variable
Deactivate telnet
Deactivate ftp
Activate security checks