Changeset 143
- Timestamp: 12/20/07 14:45:14 (1 year ago)
- Author: slawrence
- Message: Fixed kickstart errors
| r142 |
r143 |
|
| 102 | 102 | logvol / --fstype ext3 --name=rootVol --vgname=VolGroup00 --size=1024 --grow |
|---|
| 103 | 103 | logvol /var --fstype ext3 --name=varVol --vgname=VolGroup00 --size=1024 --grow |
|---|
| 104 | | logvol /home --fstype ext3 --name=homeVol --vgname=VolGroup00 --size=1 --grow |
|---|
| | 104 | logvol /home --fstype ext3 --name=homeVol --vgname=VolGroup00 --size=256 --grow |
|---|
| 105 | 105 | logvol /tmp --fstype ext3 --name=tmpVol --vgname=VolGroup00 --size=1024 --grow |
|---|
| 106 | 106 | |
|---|
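Review bot: the new `--size=256` for /home at line 104 has no comment saying why 256 was chosen when /, /var and /tmp all start at 1024. All four volumes also use `--grow` with no `--maxsize`, so they compete for the remaining space in VolGroup00. Add a comment recording the sizing decision, and consider a `--maxsize` on the volumes that should not expand freely.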
| … | … | |
| 427 | 427 | ## (GEN003180: CAT II) (Previously â G210) The SA will ensure cron logs have |
|---|
| 428 | 428 | ## permissions of 600, or more restrictive. |
|---|
| | 429 | touch /var/log/cron |
|---|
| 429 | 430 | chmod 600 /var/log/cron |
|---|
| 430 | 431 | |
|---|
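Review bot: the `touch /var/log/cron` added at line 429 creates the file with the owner and umask of the running script, and only the mode is then set. Set ownership explicitly as well, as the script already does for /var/crash with `chown root:root` at line 1322, so the result does not depend on the environment the script runs in.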
| … | … | |
| 479 | 480 | ## (GEN002700: CAT I) (Previously â G095) The SA will ensure audit data files |
|---|
| 480 | 481 | ## have permissions of 640, or more restrictive. |
|---|
| 481 | | chmod 600 /var/log/audit/* |
|---|
| 482 | | chmod 600 /etc/audit/audit.rules |
|---|
| | 482 | touch /var/log/audit/audit.log |
|---|
| | 483 | chmod 640 /var/log/audit/* |
|---|
| | 484 | chmod 640 /etc/audit/audit.rules |
|---|
| 483 | 485 | |
|---|
| 484 | 486 | # 4.B.4.a(6)(d)(1) |
|---|
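Review bot: lines 483-484 loosen the mode from 600 to 640, although the control quoted at lines 480-481 reads "640, or more restrictive", so the old 600 already satisfied it. The functional fix here appears to be the `touch /var/log/audit/audit.log` at line 482, which gives the `/var/log/audit/*` glob something to match on a fresh install. Unless a specific group has to read the audit trail and the rule set, keep `chmod 600` on both paths, or add a comment naming the group that needs read access and a `chgrp` to go with it.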
| … | … | |
| 496 | 498 | cat <<-EOF >> /etc/audit/audit.rules |
|---|
| 497 | 499 | -a exit,always -w /bin/login -p x |
|---|
| 498 | | -a exit,possible -w /bin/logout -F success=0 |
|---|
| | 500 | -a exit,always -w /bin/logout -F success=0 |
|---|
| 499 | 501 | EOF |
|---|
| 500 | 502 | |
|---|
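Review bot: at line 500 the logout rule keeps `-F success=0`, so only failed events would be recorded, while the login rule at line 499 uses `-p x` and has no such filter. If the intent is to log every logout, drop the success filter or make the two rules consistent. Also confirm that /bin/logout exists on the installed image: logout is normally a shell builtin, and a rule on a path that is not there will not record anything.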
| … | … | |
| 535 | 537 | -a exit,always -S umount2 |
|---|
| 536 | 538 | -a exit,always -S adjtimex |
|---|
| 537 | | -a exit,always -S settimeofday |
|---|
| 538 | 539 | -a exit,always -S kill |
|---|
| 539 | | -a exit,always -S reboot |
|---|
| 540 | 540 | -a exit,always -w /usr/sbin/pwck |
|---|
| 541 | 541 | -a exit,always -w /bin/chgrp |
|---|
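Review bot: the rules for `settimeofday` (old line 537) and `reboot` (old line 539) are deleted with no replacement, which silently drops audit coverage for clock changes and reboots while `adjtimex` stays audited. If these two rules were failing to load, record the reason in a comment and cover the events another way instead of removing the lines.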
| … | … | |
| 585 | 585 | ## all security personnel actions |
|---|
| 586 | 586 | cat <<-EOF >> /etc/audit/audit.rules |
|---|
| 587 | | -a exit,possible -S init_module |
|---|
| 588 | | -a exit,possible -S delete_module |
|---|
| 589 | | -a exit,possible -w /bin/su |
|---|
| | 587 | -a exit,always -S init_module |
|---|
| | 588 | -a exit,always -S delete_module |
|---|
| | 589 | -a exit,always -w /bin/su |
|---|
| 590 | 590 | EOF |
|---|
| 591 | 591 | |
|---|
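Review bot: the `-w /bin/su` rule at line 589 has no `-p` permission filter, unlike the `/bin/login` rule at line 499, which uses `-p x`. Use the same form for both so that executions of su are what gets recorded. Since this commit replaces `exit,possible` here and at line 500, grep the rest of the file for any remaining `possible` actions.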
| … | … | |
| 1140 | 1140 | ## and the SA will ensure user files and directories will have an initial |
|---|
| 1141 | 1141 | ## permission no more permissive than 700, and never more permissive than 750. |
|---|
| 1142 | | for BASEDIR in /home /root |
|---|
| | 1142 | for BASEDIR in /home/* /root |
|---|
| 1143 | 1143 | do |
|---|
| 1144 | | find $DIR -type f -exec chmod 600 '{}'\; |
|---|
| 1145 | | find $DIR -type d -exec chmod 700 '{}'\; |
|---|
| | 1144 | find $BASEDIR -type f -exec chmod 600 '{}' \; |
|---|
| | 1145 | find $BASEDIR -type d -exec chmod 700 '{}' \; |
|---|
| 1146 | 1146 | done |
|---|
| 1147 | 1147 | |
|---|
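Review bot: `$BASEDIR` is unquoted at lines 1144-1145, so a home directory name containing whitespace is split into several arguments to find; write `find "$BASEDIR" ...`. With the loop now iterating over `/home/*`, an empty /home leaves the literal string `/home/*` as an argument and find fails, so skip entries that are not directories (`[ -d "$BASEDIR" ] || continue`). Note too that `chmod 600` on every regular file removes the execute bit from any scripts under /root and the home directories.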
| … | … | |
| 1322 | 1322 | chown root:root /var/crash |
|---|
| 1323 | 1323 | chmod -R 700 /var/crash |
|---|
| 1324 | | |
|---|
| 1325 | | ## (GEN04540: CAT II) The SA will ensure the help sendmail command is |
|---|
| 1326 | | ## disabled. |
|---|
| 1327 | | mv /etc/mail/helpfile /etc/mail/helpfile.bak |
|---|
| 1328 | | echo "" > /etc/mail/helpfile |
|---|
| 1329 | 1324 | |
|---|
| 1330 | 1325 | ## (GEN004560: CAT II) (Previously â G646) To help mask the e-mail version, |
|---|
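Review bot: old lines 1325-1328 remove the whole GEN04540 block, so the sendmail help file is no longer emptied and nothing in the hunk says why. If the `mv` was failing because /etc/mail/helpfile is absent on a minimal install, guard the two commands with a file test rather than deleting the control, or leave a comment stating how the requirement is met now.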
| … | … | |
| 1961 | 1956 | |
|---|
| 1962 | 1957 | # 7.B.2.i(1) |
|---|
| 1963 | | # KickStart Actions: None - GEN006580 already implemented above |
|---|
| | 1958 | # KickStart Actions: None - GEN006620 already implemented above |
|---|
| 1964 | 1959 | |
|---|
| 1965 | 1960 | # 7.B.2.i(2) |
|---|