Center for Internet Security Benchmark

[susancentos]

I have the guide/setting. I am a newbie to Linux and I am looking for some tools or an easy way to set ...setting. Any guidance would be greatly appreciated.

[aks]

What? Please repost asking a question. Asking how can I set a setting is pretty meaningless.

[susancentos]

all the setting are in http://security.uri.edu/uploads/CIS_Cen ... 1.1.01.pdf

windows has group policies to set a majority of the required setting. Does Linux have a tool to help with this?

Sorry I was not clear on what I was looking for

[Whoever]

all the setting are in http://security.uri.edu/uploads/CIS_Cen ... 1.1.01.pdf

windows has group policies to set a majority of the required setting. Does Linux have a tool to help with this?

Sorry I was not clear on what I was looking for

vim

Sorry, that was sort of a joke. No, there is no GUI tool to configure these settings. You have to run the commands listed and edit the files as specified.

[susancentos]

Being new to CentOs I do not know a lot. In the CIS documentation it has a lot of all scrips how do you know when it just something you type at the command line...and if you do that is it something you have to redue every time you reboot.
How do you know when it is a scrip that you need to run? and how often do you need to run it.

I know to write a script you start it with #!/bin/bash

any guidance or tutorial would be greatly appreciated

I know commands like this are written at the command line
# grep /tmp /etc/fstab | grep noexec
# mount | grep /tmp | grep noexec

but is 1.1.17 Set Sticky Bit on All World-Writable Directories
is this done at the command line? as well
# df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null | xargs chmod a+t


can you combine a number of these command line in a scrip? and just run that?

[aks]

Yes it's piped. You can pipe the output from one command into another.

[susancentos]

to ensure no daemons are unconfined you use command
sudo ps -eZ | egrep "initrc" | egrep -vw "tr|ps|egrep|bash|awk" | tr ':' ' ' | awk '{ print $NF }'

it says this should produce no output in a well-configured system

but I get
miniserv.pl
don't know what that means and how to fix it?

[aks]

So that probably means that miniserv.pl is running as described. To confirm: ps -efZ | grep miniserv.pl

So the question is, what does miniserv.pl do? If it's installed via an RPM and exists in the $PATH, type rpm -q --whatprovides $(which miniserv.pl)
That should (assuming the above two conditions are true) tell you to what package it belongs to and that may give you a clue as to what it does.

[Whoever]

So that probably means that miniserv.pl is running as described. To confirm: ps -efZ | grep miniserv.pl

So the question is, what does miniserv.pl do?

Google suggests that it is a component of webmin.