Center for Internet Security Benchmark
-
- Posts: 4
- Joined: 2015/07/29 10:37:09
Center for Internet Security Benchmark
I have the guide/setting. I am a newbie to Linux and I am looking for some tools or an easy way to set ...setting. Any guidance would be greatly appreciated.
Re: Center for Internet Security Benchmark
What? Please repost asking a question. Asking how can I set a setting is pretty meaningless.
-
- Posts: 4
- Joined: 2015/07/29 10:37:09
Re: Center for Internet Security Benchmark
all the setting are in http://security.uri.edu/uploads/CIS_Cen ... 1.1.01.pdf
windows has group policies to set a majority of the required setting. Does Linux have a tool to help with this?
Sorry I was not clear on what I was looking for
windows has group policies to set a majority of the required setting. Does Linux have a tool to help with this?
Sorry I was not clear on what I was looking for
Re: Center for Internet Security Benchmark
vimsusancentos wrote:all the setting are in http://security.uri.edu/uploads/CIS_Cen ... 1.1.01.pdf
windows has group policies to set a majority of the required setting. Does Linux have a tool to help with this?
Sorry I was not clear on what I was looking for
Sorry, that was sort of a joke. No, there is no GUI tool to configure these settings. You have to run the commands listed and edit the files as specified.
-
- Posts: 4
- Joined: 2015/07/29 10:37:09
Re: Center for Internet Security Benchmark
Being new to CentOs I do not know a lot. In the CIS documentation it has a lot of all scrips how do you know when it just something you type at the command line...and if you do that is it something you have to redue every time you reboot.
How do you know when it is a scrip that you need to run? and how often do you need to run it.
I know to write a script you start it with #!/bin/bash
any guidance or tutorial would be greatly appreciated
I know commands like this are written at the command line
# grep /tmp /etc/fstab | grep noexec
# mount | grep /tmp | grep noexec
but is 1.1.17 Set Sticky Bit on All World-Writable Directories
is this done at the command line? as well
# df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null | xargs chmod a+t
can you combine a number of these command line in a scrip? and just run that?
How do you know when it is a scrip that you need to run? and how often do you need to run it.
I know to write a script you start it with #!/bin/bash
any guidance or tutorial would be greatly appreciated
I know commands like this are written at the command line
# grep /tmp /etc/fstab | grep noexec
# mount | grep /tmp | grep noexec
but is 1.1.17 Set Sticky Bit on All World-Writable Directories
is this done at the command line? as well
# df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null | xargs chmod a+t
can you combine a number of these command line in a scrip? and just run that?
Re: Center for Internet Security Benchmark
Yes it's piped. You can pipe the output from one command into another.
-
- Posts: 4
- Joined: 2015/07/29 10:37:09
Re: Center for Internet Security Benchmark
to ensure no daemons are unconfined you use command
sudo ps -eZ | egrep "initrc" | egrep -vw "tr|ps|egrep|bash|awk" | tr ':' ' ' | awk '{ print $NF }'
it says this should produce no output in a well-configured system
but I get
miniserv.pl
don't know what that means and how to fix it?
sudo ps -eZ | egrep "initrc" | egrep -vw "tr|ps|egrep|bash|awk" | tr ':' ' ' | awk '{ print $NF }'
it says this should produce no output in a well-configured system
but I get
miniserv.pl
don't know what that means and how to fix it?
Re: Center for Internet Security Benchmark
So that probably means that miniserv.pl is running as described. To confirm: ps -efZ | grep miniserv.pl
So the question is, what does miniserv.pl do? If it's installed via an RPM and exists in the $PATH, type rpm -q --whatprovides $(which miniserv.pl)
That should (assuming the above two conditions are true) tell you to what package it belongs to and that may give you a clue as to what it does.
So the question is, what does miniserv.pl do? If it's installed via an RPM and exists in the $PATH, type rpm -q --whatprovides $(which miniserv.pl)
That should (assuming the above two conditions are true) tell you to what package it belongs to and that may give you a clue as to what it does.
Re: Center for Internet Security Benchmark
Google suggests that it is a component of webmin.aks wrote:So that probably means that miniserv.pl is running as described. To confirm: ps -efZ | grep miniserv.pl
So the question is, what does miniserv.pl do?