50 recent changes in HPC Web retrieved at 01:02 (Local)

Rhel7Stig199
Implement after stability reached.
Rhel7Stig192
Do this one last as its annoying during development.
Rhel7Stig191
This one terminates network sessions after 10 minutes of inactivity. Leave this until things are stable.
Rhel7Stig189
This is about setting up the firewall. It can wait a little bit yet.
Rhel7Stig187
There is no expectation that users will receive mail on server 1. It serves as a way to forward mail off of the cluster (e.g., sending notifications back to the s...
Rhel7Stig186
Need to "document" that server 1 aggregates logs for the other hosts in the cluster.
Rhel7Stig127
DId cp /usr/share/doc/audit 2.8.4/rules/30 stig.rules stig.rules= to put these rules into /etc/audit/rules.d. Then restarted service using service auditd restart....
Rhel7Stig120
This can be done but we'll have to find a place to upload them to. Maybe an NRAO site?
Rhel7Stig118
See note for RHEL 07 030210.
Rhel7Stig116
This requirement seems to be aimed at sending audit messages off the machine. However, server 1 doesn't really have anywhere to send them. This feature is more ap...
Rhel7Stig115
The requirement for high availability will need to be documented and some sort of notification upon audit failure will have to be configured.
Rhel7Stig113
Removed the installed telnet server package.
Rhel7Stig108
This one works pretty much as the directions describe. I suggest copying the linux image (vmlinuz...) and the ram disk image (initramfs...) and /boot/efi/EFI/redh...
Rhel7Stig089
Better first search is find / xdev perm 002 type f perm /111 exec ls ld {} \; more since this will only return executable files that are world writable.
Rhel7Stig112
Looks like there is no entry to boot from removable media.
Rhel7Stig111
Most rules had sha256 already. Changed them to sha512.
Rhel7Stig110
It appears that xattr status is given to most of the watched files.
Rhel7Stig109
Installed the aide package and looked at its config file. It appears to have "acl" in most of its rules.
Rhel7Stig107
Either /tmp has to be mounted in its own partition or it has to be a memory resident beastie(?).
Rhel7Stig105
They want the /var to be in a separate filesystem (i.e. partition). Argh!
Rhel7Stig097
Made entry in /etc/fstab: tmpfs /dev/shm tmpfs defaults,rw,nosuid,nodev,noexec 0 0.
Rhel7Stig095
It is mounted outside of /etc/fstab but has nodev option.
Rhel7Stig094
No problem on server * but the swcs will require documented necessity.
Rhel7Stig090
Revisit after enabling selinux.
Rhel7Stig084
The checking logic provided seems to prevent any file sharing except by group which is not really consistent with the collaborative nature of this system's usage....
Rhel7Stig055
This appears to require that a MacAfee HBSS package be installed.
Rhel7Stig031
Edited /etc/login.defs and set PASS_MAX_DAYS to 60
Rhel7Stig029
Edited /etc/login.defs and set PASS_MIN_DAYS 1.
Rhel7Stig064
Edited /etc/yum.conf and added line "clean_requirements_on_remove=1".
Rhel7Stig063
The autofs service is currently disabled.
Rhel7Stig056
This is a configuration issue for SE Linux; defer until SE Linux issue is addressed.
Rhel7Stig053
The rsh server package is not installed.
Rhel7Stig052
Smartcard support is required for this. Not sure, yet, how to handle this.
Rhel7Stig050
Save this one until system is stable.
Rhel7Stig049
The systems are booting under UEFI so this rule does not apply.
Rhel7Stig048
System comes this way it appears.
Rhel7Stig047
This system is RHEL 7.6 and thus this rule is not applicable.
Rhel7Stig046
Edited /etc/ssh/sshd_config and uncommented "HostbasedAuthentication no". This was probably the default, but...
Rhel7Stig044
The gdm package is not installed.
Rhel7Stig043
The gdm package is not installed.
Rhel7Stig042
Edited /etc/login.defs and added line "FAIL_DELAY 4".
Rhel7Stig040
No account is given password free sudo.
Rhel7Stig039
Do this one at the last moment to keep usage reasonable.
Rhel7Stig038
Do this awful thing at the last moment.
Rhel7Stig037
Edited /etc/default/useradd setting "INACTIVE=0".
Rhel7Stig036
Edited /etc/ssh/sshd_config to uncomment "PermitEmptyPasswords no". This was already the default setting, but need to make autior happy : (.
Rhel7Stig035
Rule's query came back without anything of interest.
Rhel7Stig034
In /etc/security/pwquality.conf set minlen to 15.
Rhel7Stig033
Added line "password requisite pam_pwhistory.so use_authtok remember=5 retry=3" to /etc/pam.d/{system auth,password auth} as directed in rule.
Rhel7Stig032
Using "chage M 60 theUser" on pch,ajs,oper,difxmgr to meet this requirement.
Number of topics: 50
< Previous Page 3 of 10 Next >

See also: rss-small RSS feed, recent changes with 50, 100, 200, 500, 1000 topics, all changes

This topic: HPC > DirectorsOffice > WebChanges
Topic revision: 2009-10-19, CarolynWhite
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding NRAO Public Wiki? Send feedback