SELinux? On 22 April 2015 at 09:11, John R Pierce <pierce at hogranch.com> wrote:> On 4/21/2015 11:34 PM, Eero Volotinen wrote: > >> apply also ideas from this document: >> https://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.130 >> > > that should be your baseline. I suspect you'll find all the things you > mentioned are discussed in the CIS benchmarks. > > > > > > -- > john r pierce, recycling bits in santa cruz > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
Sounds like a bit basic stuff? How about hardening ciphers, two factor authentication, snort, web application firewall and scap scanning? Eero 22.4.2015 10.14 ap. "Andrew Holway" <andrew.holway at gmail.com> kirjoitti:> SELinux? > > On 22 April 2015 at 09:11, John R Pierce <pierce at hogranch.com> wrote: > > > On 4/21/2015 11:34 PM, Eero Volotinen wrote: > > > >> apply also ideas from this document: > >> https://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.130 > >> > > > > that should be your baseline. I suspect you'll find all the things you > > mentioned are discussed in the CIS benchmarks. > > > > > > > > > > > > -- > > john r pierce, recycling bits in santa cruz > > > > > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
I think, this SIG would/should care about hardening CentOS itself as a system not a complete environment (proxies, firewalls, etc.) The examples of the opener show this. Something else could be integrity checking possibly. I imagine a tool/script that could apply hardening stuff. Regards Tim Am 22. April 2015 09:23:52 MESZ, schrieb Eero Volotinen <eero.volotinen at iki.fi>:>Sounds like a bit basic stuff? How about hardening ciphers, two factor >authentication, snort, web application firewall and scap scanning? > >Eero >22.4.2015 10.14 ap. "Andrew Holway" <andrew.holway at gmail.com> >kirjoitti: > >> SELinux? >> >> On 22 April 2015 at 09:11, John R Pierce <pierce at hogranch.com> wrote: >> >> > On 4/21/2015 11:34 PM, Eero Volotinen wrote: >> > >> >> apply also ideas from this document: >> >> >https://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.130 >> >> >> > >> > that should be your baseline. I suspect you'll find all the >things you >> > mentioned are discussed in the CIS benchmarks. >> > >> > >> > >> > >> > >> > -- >> > john r pierce, recycling bits in santa cruz >> > >> > >> > _______________________________________________ >> > CentOS mailing list >> > CentOS at centos.org >> > http://lists.centos.org/mailman/listinfo/centos >> > >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos >> >_______________________________________________ >CentOS mailing list >CentOS at centos.org >http://lists.centos.org/mailman/listinfo/centos