linux:tempo
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
linux:tempo [2023/10/12 15:31] manu created |
linux:tempo [2024/03/28 18:15] (current) manu |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| https://docs.splunk.com/Documentation/Splunk/9.1.1/Admin/RunSplunkassystemdservice | https://docs.splunk.com/Documentation/Splunk/9.1.1/Admin/RunSplunkassystemdservice | ||
| + | hardening | ||
| + | <code> | ||
| + | # cat /etc/fstab | ||
| + | |||
| + | UUID=xxxxxxxxxxxx /boot xfs defaults,nodev 0 2 | ||
| + | /dev/mapper/vg_root-lv_home /home xfs defaults,nosuid,nodev 0 2 | ||
| + | /dev/mapper/vg_root-lv_tmp /tmp xfs defaults,nosuid,noexec,nodev 0 2 | ||
| + | /dev/mapper/vg_root-lv_var /var xfs defaults,nosuid,nodev 0 2 | ||
| + | /dev/mapper/vg_root-lv_var_log /var/log xfs defaults,nosuid,noexec,nodev 0 2 | ||
| + | /tmp /var/tmp none rw,noexec,nosuid,nodev,bind 0 0 | ||
| + | tmpfs /dev/shm tmpfs rw,nodev,noexec,nosuid 0 0 | ||
| + | /dev/mapper/vg_root-lv_opt /opt xfs defaults 0 2 | ||
| + | /dev/mapper/vg_root-lv_usr /usr xfs defaults,nodev 0 2 | ||
| + | /dev/mapper/vg_root-lv_swap swap swap defaults 0 0 | ||
| + | /tmp /var/tmp none rw,noexec,nosuid,nodev,bind 0 0 | ||
| + | tmpfs /dev/shm tmpfs rw,nodev,noexec,nosuid 0 0 | ||
| + | /dev/mapper/vg_data-lv_audit /var/log/audit xfs defaults 0 2 | ||
| + | |||
| + | </code> | ||
| + | |||
| + | <code> | ||
| + | # cat /etc/ssh/sshd_config | ||
| + | ... | ||
| + | AllowUsers * | ||
| + | AllowGroups * | ||
| + | DenyUsers nobody | ||
| + | DenyGroups ftpusers monitor | ||
| + | |||
| + | kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 # CIS Control id 14400 | ||
| + | |||
| + | </code> | ||
| + | |||
| + | integration AD | ||
| + | <code> | ||
| + | # authconfig --enablecachecreds --enableldap --enableldaptls --enableldapauth --ldapserver=ldaps://ad.domain.lu --ldapbasedn=dc=bdl,dc=tst --disablenis --disablekrb5 --enableshadow --enablemkhomedir --enablelocauthorize --passalgo=sha512 --updateall | ||
| + | |||
| + | # cat /etc/sssd/sssd.conf | ||
| + | |||
| + | [sssd] | ||
| + | default_domain_suffix = ad.domain.lu | ||
| + | domains = ad.domain.lu | ||
| + | config_file_version = 2 | ||
| + | services = nss, pam | ||
| + | |||
| + | [domain/ad.domain.lu] | ||
| + | ad_domain = ad.domain.lu | ||
| + | krb5_realm = AD.DOMAIN.LU | ||
| + | realmd_tags = manages-system joined-with-adcli | ||
| + | cache_credentials = True | ||
| + | id_provider = ad | ||
| + | krb5_store_password_if_offline = True | ||
| + | default_shell = /bin/bash | ||
| + | ldap_id_mapping = True | ||
| + | use_fully_qualified_names = True | ||
| + | fallback_homedir = /home/%u | ||
| + | access_provider = simple | ||
| + | simple_allow_groups = LINUX-ALL-SUDO@ad.domain.lu, LINUX-MYSQL-USER@ad.domain.lu | ||
| + | |||
| + | </code> | ||
linux/tempo.1697117507.txt.gz ยท Last modified: 2023/10/12 15:31 by manu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
