The ability to boot from removable media is the same as being able to boot into single user, or maintenance, mode without a password. The system must be configured to only boot from the system boot device. Shells with world/group write permissions give the ability to maliciously modify the shell to obtain unauthorized access. If TFTP is not running in secure mode, it may be able to write to any file or directory and may seriously impair system integrity.Īll shell files must have mode 0755 or less permissive. Secure mode limits TFTP requests to a specific directory. The TFTP daemon must operate in "secure mode" which provides access only to a single directory on the host file system. Insecure file locking could allow for sensitive data to be viewed or edited by an unauthorized user. The Linux NFS Server must not have the insecure file locking option. If TFTP runs with the setuid or setgid bit set, it may be able to write to any file or directory and may seriously impair system integrity, confidentiality, and availability. The TFTP daemon must have mode 0755 or less permissive. Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. The system must not use removable media as the boot loader. GRUB is a versatile boot loader used by several platforms that can provide authentication for access to the system or boot loader. If the system's boot loader does not require authentication, users with console access to the system may be able to alter the system boot configuration or boot the system into single user or.įor systems capable of using GRUB, the system must be configured with GRUB as the default boot loader unless another boot loader has been authorized, justified, and documented using site-defined procedures. The system boot loader must require authentication. Specific exceptions for local service administration should be documented in. If a web browser flaw is exploited while running as a privileged user, the entire system could be compromised. If an anonymous FTP account has been configured to use a functional shell, attackers could gain access to the shell if the account is compromised.Īdministrative accounts must not run a web browser, except as needed for local service administration. This is.Īnonymous FTP accounts must not have a functional shell.
RED HAT ENTERPRISE LINUX 5 PASSWORD
If a user accesses the root account (or any account) using an unencrypted connection, the password is passed over the network in clear text form and is subject to interception and misuse. Root passwords must never be passed over a network in clear text form.
![red hat enterprise linux 5 red hat enterprise linux 5](https://images-na.ssl-images-amazon.com/images/I/51832T03V-L._SX385_BO1,204,203,200_.jpg)
Types of Certificates 21.8.5.Findings (MAC III - Administrative Sensitive) Finding ID Using Pre-Existing Keys and Certificates 21.8.4. An Overview of Certificates and Security 21.8.3. An Overview of Security-Related Packages 21.8.2. Apache HTTP Secure Server Configuration 21.8.1. MPM Specific Server-Pool Directives 21.6. Migrating Apache HTTP Server 1.3 Configuration Files to 2.0 21.3. Migrating Apache HTTP Server 2.0 Configuration Files 21.2.2. Migrating Apache HTTP Server Configuration Files 21.2.1. Dynamic Host Configuration Protocol (DHCP) 20.1. Samba with CUPS Printing Support 19.10.1. WINS (Windows Internetworking Name Server) 19.10. Samba Account Information Databases 19.9. Samba Server Types and the smb.conf File 19.6.1. Samba Daemons and Related Services 19.2.1. The /etc/exports Configuration File 18.7.1.
![red hat enterprise linux 5 red hat enterprise linux 5](https://linux-cdn.softpedia.com/screenshots/Red-Hat-Enterprise_3.jpg)
Exporting or Sharing NFS File Systems 18.6.2. Mounting NFS File Systems using /etc/fstab 18.3. Requiring SSH for Remote Connections 17.5. Event Sequence of an SSH Connection 17.3.1. Berkeley Internet Name Domain (BIND) 16.1. Saving and Restoring the Network Configuration 15. Establishing a Token Ring Connection 14.7. Establishing an Ethernet Connection 14.3. Practical and Common Examples of RPM Usage 10.5. Adding Unallocated Volumes to a volume group 9.5.3.
![red hat enterprise linux 5 red hat enterprise linux 5](https://miro.medium.com/max/2728/1*Q6DoUYYYLtX-C8w63L4IvQ.png)
Using the LVM utility system-config-lvm 9.5.1. Setting the Grace Period for Soft Limits 7.2. Removing an LVM2 Logical Volume for Swap 5.3.3. Reducing Swap on an LVM2 Logical Volume 5.3.2. Creating an LVM2 Logical Volume for Swap 5.2.3.
![red hat enterprise linux 5 red hat enterprise linux 5](https://cse.osu.edu/sites/default/files/styles/coe_medium/public/media/legacy/image002.jpg)
Extending Swap on an LVM2 Logical Volume 5.2.2. Creating the RAID Devices and Mount Points 5.
RED HAT ENTERPRISE LINUX 5 SOFTWARE
Hardware RAID versus Software RAID 4.3.1. Redundant Array of Independent Disks (RAID) 4.1. Top-level Files within the proc File System 3.2.1. Special File Locations Under Red Hat Enterprise Linux 2. Overview of File System Hierarchy Standard (FHS) 1.2.1.