ConfigServer Security & Firewall - csf v5.15

asishlla

Verified User
Joined
Jul 24, 2009
Messages
278
Hi,
I installed security software called ConfigServer Security & Firewall - csf v5.15.
You can work with the software directly from the DA ,, and has option called Firewall Check.there is (ok status) and there is some WARNING need to fix like:

1) Check csf SAFECHAINUPDATE option (WARNING) This option closes a window of opportunity that opens when dynamic chain updates occur.
2) Check /tmp is mounted as a filesystem (WARNING) /tmp should be mounted as a separate filesystem with the noexec,nosuid options set.
3) Check /var/tmp is mounted as a filesystem (WARNING) /var/tmp should either be symlinked to /tmp or mounted as a filesystem.
4) Check SSH PasswordAuthentication (WARNING) For ultimate SSH security, you should consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication

and athers WARNING
Can someone explain to me how it handles These warnings?
thanks.
 
2) Check /tmp is mounted as a filesystem (WARNING) /tmp should be mounted as a separate filesystem with the noexec,nosuid options set.

please provide outpu of

Code:
cat /etc/fstab

3) Check /var/tmp is mounted as a filesystem (WARNING) /var/tmp should either be symlinked to /tmp or mounted as a filesystem.

same as up

1) Check csf SAFECHAINUPDATE option (WARNING) This option closes a window of opportunity that opens when dynamic chain updates occur.

go to csf configuration and set SAFECHAINUPDATE to 1

4) Check SSH PasswordAuthentication (WARNING) For ultimate SSH security, you should consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication

you should set ssh to use pubkeyauth instead of password.. but, depend on your experience on linux box... i suggest to change default ssh port to a non-standard one

regards
 
Back
Top