wiki

User Tools

Site Tools

Trace: movek7_to_another_server tsm_dedup_stats tempo
linux:tempo
  • Splunkforwarder doc

https://docs.splunk.com/Documentation/Splunk/9.1.1/Admin/RunSplunkassystemdservice

hardening 

# cat /etc/fstab

UUID=xxxxxxxxxxxx /boot xfs defaults,nodev 0 2
/dev/mapper/vg_root-lv_home /home xfs defaults,nosuid,nodev 0 2
/dev/mapper/vg_root-lv_tmp /tmp xfs defaults,nosuid,noexec,nodev 0 2
/dev/mapper/vg_root-lv_var /var xfs defaults,nosuid,nodev 0 2
/dev/mapper/vg_root-lv_var_log /var/log xfs defaults,nosuid,noexec,nodev 0 2
/tmp /var/tmp none rw,noexec,nosuid,nodev,bind 0 0
tmpfs /dev/shm tmpfs rw,nodev,noexec,nosuid 0 0
/dev/mapper/vg_root-lv_opt /opt xfs defaults 0 2
/dev/mapper/vg_root-lv_usr /usr xfs defaults,nodev 0 2
/dev/mapper/vg_root-lv_swap swap                    swap    defaults        0 0
/tmp /var/tmp none rw,noexec,nosuid,nodev,bind 0 0
tmpfs /dev/shm tmpfs rw,nodev,noexec,nosuid 0 0
/dev/mapper/vg_data-lv_audit /var/log/audit xfs defaults 0 2

# cat /etc/ssh/sshd_config
...
AllowUsers *                  
AllowGroups *                 
DenyUsers nobody              
DenyGroups ftpusers monitor   

kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256    # CIS Control id 14400

integration AD 

# authconfig --enablecachecreds --enableldap --enableldaptls --enableldapauth --ldapserver=ldaps://ad.domain.lu --ldapbasedn=dc=bdl,dc=tst --disablenis --disablekrb5 --enableshadow --enablemkhomedir --enablelocauthorize --passalgo=sha512 --updateall

# cat /etc/sssd/sssd.conf

[sssd]
default_domain_suffix = ad.domain.lu
domains = ad.domain.lu
config_file_version = 2
services = nss, pam

[domain/ad.domain.lu]
ad_domain = ad.domain.lu
krb5_realm = AD.DOMAIN.LU
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u
access_provider = simple
simple_allow_groups = LINUX-ALL-SUDO@ad.domain.lu, LINUX-MYSQL-USER@ad.domain.lu
linux/tempo.txt · Last modified: 2024/03/28 18:15 by manu

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki