|
can be accessed and will reveal additional system/user information to a malicious user.
14. Use the Security Configuration and Analysis MMC snap-in along with the HISECWEB.inf policy or other similar policy. This will enable the administrator to make many of the appropriate settings in one place, which can be implemented quickly on several machines. It also helps to eliminate the human error factor when it is setup correctly the first time. The HISECWEB.inf policy requires some initial customization, but provides a good basis for locking down many web servers functions.
UNIX Systems and Networks
The following recommendations can be implemented to improve the security of UNIX
systems and networks.
Startup and Login Scripts
Check the permissions and ownership of files accessed or executed upon system startup and
user login. If these files allow world-access, browse scripts to see if any unusual process or
script is started, especially if in user directories. System files and directories should be owned
by root/root or root/sys without world write or execute permissions so that they cannot be
modified or exploited by unauthorized users.
User startup files should be owned by the individual user and should not allow world access.
Next topic
Previous topic