All Questions
Tagged with configuration security
26
questions
6
votes
1
answer
2k
views
How does the use_pty sudoers option prevent a persistence attack?
As a rule in the Debian 10 hardening guide, and various other audit guides of the Center for Internet Security (CIS), setting the use_pty sudoers option is recommended for the following rationale:
...
- 63
0
votes
1
answer
203
views
Securing GRUB password from linux installation
I recently came across the Linux password change method via the GRUB by entering single user mode. After some digging around I found some articles on how to secure it with a sha512 hashed password....
- 5
0
votes
2
answers
626
views
Linux local Password Policy doesn't apply when creating new user
I'm trying to implement a password security policy on my Linux Mint machine.
I configured the /etc/pam.d/common-password file with the following lines.
password requisite pam_pwquality.so retry=3 ...
- 1
0
votes
1
answer
3k
views
PASS_MIN_LEN missing from login.defs
I've noticed that the PASS_MIN_LEN is missing from the password aging controls section inside /etc/login.defs (Ubuntu 20.04 LTS). At the end of the file there is a note that it's obsolete, alongside ...
- 411
1
vote
1
answer
301
views
Which services read the /etc/securetty configuration file?
Which programs / services are parsing contents of /etc/securetty configuration file?
- 1,886
0
votes
0
answers
7k
views
SSH: How to disable strict host key checking, but still be warned about new devices
I'm working for a company that involves sshing into several different devices with the same IP address and hostname, but unique private keys for ssh. What I'm trying to figure out is a way to disable ...
- 103
1
vote
1
answer
396
views
Is this SSHD config appropriate / secure [closed]
On the latest Debian Stretch I installed an OpenSSH server which I set up under the following conditions.
no root login
no password authentication / force public key authentication
authentication by ...
- 385
0
votes
0
answers
703
views
Permanently disable all networking in Tails OS?
I would like to use Tails OS to create a pseudo air-gapped system.
The system has WiFi hardware still, but it is "unusable" in Tails due to lack of firmware. I would like to further ensure it remains ...
- 258
5
votes
1
answer
10k
views
How to make changes to pam config such that further execution of authconfig will not overwrite them?
I'm configuring a CentOS7 host (through ansible) running authconfig. Now I need to add/configure pam_exec module to the setup but it seems it is not supported by authconfig (cf. man authconfig and /...
- 583
1
vote
1
answer
528
views
What is postscreen_dnsbl_reply_map use for?
What is the meaning of postscreen_dnsbl_reply_map in postscreen (postfix) ?
I've read from documentation:
if your DNSBL queries have a "secret" in the domain name, you must censor this information ...
- 4,469
1
vote
2
answers
2k
views
OpenSSH: how to disallow weak (<2048 bits) RSA keys
Are there any configs for OpenSSH server to disallow weak (e.g. <2048 bits) RSA keys? I'm aware of PubkeyAccetedAlgorithms which can disallow specific key types, incl. rsa-sha2, as a whole.
- 419
3
votes
1
answer
45k
views
How to force Samba to use SMB 3.0?
With SMB 1.0/CIFS being removed from Windows 10 in Redstone 3 update due to vulnerability, this will conk out a lot of systems relying on older network hard drive enclosures.
I have a Linux-based ...
- 143
3
votes
1
answer
2k
views
Apache not hiding Server Tokens/Signature
I have web Apache servers with Jessie or Stretch that have been upgraded successively from older versions of Debian (from Squeeze onwards, depending on the servers).
In all of them, I have Apache ...
- 57k
1
vote
1
answer
1k
views
How can I run Java on a grsec-hardend Arch Linux kernel with paxd?
I have Arch Linux with the latest grsec-hardened 4.9.x Linux kernel with paxd installed. But because of this when I try to run Java I get the following error:
Java HotSpot(TM) 64-Bit Server VM ...
user103789
0
votes
1
answer
3k
views
How to turn off stack protector in linux kernel easily? [duplicate]
I wrote a simple module for the Linux Kernel and it has a stack buffer overflow vulnerability. I want to exploit the module, but I have to turn off the stack protector in the kernel first. How could I ...
- 13