Search found 6 matches
- 2017/08/18 18:07:07
- Forum: CentOS 7 - Security Support
- Topic: SCAP Workbench
- Replies: 5
- Views: 2424
Re: SCAP Workbench
If you've made the changes and test them, then it is most likely an issue with SCAP Workbench, maybe a bug? If using the latest version, try testing with an older version or vice versa depending on what version you're using. Good practice for making security changes to PAM modules is taking taking a...
- 2017/08/18 17:02:55
- Forum: CentOS 7 - Security Support
- Topic: McAfee potentials impacts
- Replies: 6
- Views: 3646
Re: McAfee potentials impacts
Hi, I've worked with McAfee Virus Scammer for Enterprise Linux (VSEL) extensively and found it to be quite a resource hog when it comes to how scans are handled. On-Access scanning can seriously affect RHEL 7's performance to the point of maxing out the CPU load due to it constantly scanning any fil...
- 2017/08/18 16:44:50
- Forum: CentOS 7 - Security Support
- Topic: firewalld / iptables how to allow all across reboots
- Replies: 2
- Views: 1541
Re: firewalld / iptables how to allow all across reboots
Save your IPtables to a config (always good practice), then flush them (removes all rules). I also suggest doing some reading on how IPtables communicates with Netfilter:
https://wiki.centos.org/HowTos/Network/ ... ptables%29
https://wiki.centos.org/HowTos/Network/ ... ptables%29
- 2017/08/18 16:39:52
- Forum: CentOS 7 - Security Support
- Topic: Removing all rich rules at ones
- Replies: 2
- Views: 25722
Re: Removing all rich rules at ones
Good catch about the double quotes vs single quotes. When I was first working with rich rules, I used this documentation to become familiar wtih the syntax (essentially the man pages, but in a nicer format):
https://fedoraproject.org/wiki/Features ... chLanguage
https://fedoraproject.org/wiki/Features ... chLanguage
- 2017/08/18 16:16:38
- Forum: CentOS 7 - Security Support
- Topic: Hardening CentOS 7
- Replies: 11
- Views: 37348
Re: Hardening CentOS 7
Howdy, I have a bit of experience in this area and definitely recommend using the Department of Defense (DoD) Security Technical Implementation Guide (STIG). It's based off OpenScap standards and redesigned for the DoD. Obviously, you need to go through the entire STIG to understand what is being do...
- 2017/08/18 16:09:33
- Forum: CentOS 7 - Security Support
- Topic: DNS Amplification Attack
- Replies: 1
- Views: 1053
Re: DNS Amplification Attack
A couple of things can be done to mitigate DNS amplification attack as well as some other attacks: -Enable rate limiting if you are providing recursive queries. -Turn off recursive queries if you're server is the SOA!!!! Move your SOA to hidden master and have one server configured specifically for ...