Ensure daytime services are not enabled
Details Disabling this service will reduce the remote attack surface of the system. Solution Comment out or remove any lines...
- Home
- Security Hardening
- Tenable Cisco Firepower Management Center OS Best Practices
Tenable Cisco Firepower Management Center OS Best Practices
Ensure DCCP is disabled
Details If the protocol is not required, it is recommended that the drivers not be installed to reduce the potential...Ensure default deny firewall policy – Chain FORWARD
Details With a default accept policy the firewall will accept any packet that is not configured to be denied. It...Ensure default deny firewall policy – Chain INPUT
Details With a default accept policy the firewall will accept any packet that is not configured to be denied. It...Ensure default deny firewall policy – Chain OUTPUT
Details With a default accept policy the firewall will accept any packet that is not configured to be denied. It...Ensure default group for the root account is GID 0
Details Using GID 0 for the root account helps prevent root -owned files from accidentally becoming accessible to non-privileged users....Ensure default user shell timeout is 900 seconds or less – /etc/profile
Details The default TMOUT determines the shell timeout for users. The TMOUT value is measured in seconds. Solution Edit the...Ensure DHCP Server is not enabled
Details Unless a system is specifically set up to act as a DHCP server, it is recommended that this service...Ensure discard services are not enabled
Details Disabling this service will reduce the remote attack surface of the system. Solution Comment out or remove any lines...Ensure discretionary access control permission modification events are collected – auditctl b32 chmod fchmod
Details Monitor changes to file permissions, attributes, ownership and group. The parameters in this section track changes for system calls...