Securing-Optimizing-RH-Linux-1_2_200
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
}
# Rule "Login Scripts": the system-wide start-up files read by csh-family
# (/etc/csh.login) and sh-family (/etc/profile) login shells. A change here
# runs in every user's login session, root's included.
# $(SEC_CONFIG) is not defined in this excerpt -- TODO confirm the mask it
# expands to includes a content hash.
# This rule sets no severity attribute, unlike the rules after it, so it
# takes Tripwire's default; confirm it is still covered when integrity
# checks are filtered by severity level.
# emailto only has an effect when the check is run with e-mail reporting
# enabled.
(emailto = admin@openarch.com, rulename = "Login Scripts")
{
    /etc/csh.login  -> $(SEC_CONFIG);
    /etc/profile    -> $(SEC_CONFIG);
}
# Rule "System boot changes": objects that are rewritten or recreated every
# time the system boots.
# $(Dynamic) is Tripwire's predefined mask for objects that are expected to
# change: it still compares permissions, ownership, inode number, link count
# and file type, but not size, timestamps or content hashes. A modification
# that only alters the content of an object listed here is therefore not
# reported by this rule.
# $(SIG_HI) is defined elsewhere in the policy, not in this excerpt.
(emailto = admin@openarch.com, rulename = "System boot changes", severity = $(SIG_HI))
{
    /dev/log          -> $(Dynamic) ;
    /dev/cua0         -> $(Dynamic) ;
    /dev/console      -> $(Dynamic) ;

    # tty devices are extremely variable
    /dev/tty2         -> $(Dynamic) ;
    /dev/tty3         -> $(Dynamic) ;
    /dev/tty4         -> $(Dynamic) ;
    /dev/tty5         -> $(Dynamic) ;
    /dev/tty6         -> $(Dynamic) ;

    /dev/urandom      -> $(Dynamic) ;
    /dev/initctl      -> $(Dynamic) ;
    /var/lock/subsys  -> $(Dynamic) ;
    /var/run          -> $(Dynamic) ; # daemon PIDs

    # NOTE(review): logs change between boots as well, and rotation typically
    # creates new files with new inodes, which $(Dynamic) does report. Expect
    # recurring $(SIG_HI) reports from this entry, and keep log integrity
    # covered by a separate control, since content is not hashed here.
    /var/log          -> $(Dynamic) ;

    /etc/ioctl.save   -> $(Dynamic) ;
    /etc/.pwd.lock    -> $(Dynamic) ;
    /etc/mtab         -> $(Dynamic) ;

    # NOTE(review): /lib/modules holds the kernel modules; presumably it is
    # listed here because module dependency files are regenerated at boot.
    # Confirm that the module binaries themselves are hashed by a stricter
    # entry elsewhere in the policy, because $(Dynamic) does not check content.
    /lib/modules      -> $(Dynamic) ;
}
# Critical configuration files
(emailto = admin@openarch.com, rulename = "Critical configuration files", severity = $(SIG_HI))
{
/etc/conf.modules -> $(ReadOnly) ;
/etc/crontab
-> $(ReadOnly) ;
/etc/cron.hourly
-> $(ReadOnly) ;
/etc/cron.daily
-> $(ReadOnly) ;
/etc/cron.weekly
-> $(ReadOnly) ;
/etc/cron.monthly -> $(ReadOnly) ;
/etc/default
-> $(ReadOnly) ;
/etc/fstab
-> $(ReadOnly) ;
/etc/group-
-> $(ReadOnly) ; # changes should be infrequent
/etc/host.conf
-> $(ReadOnly) ;
/etc/hosts.allow
-> $(ReadOnly) ;
/etc/hosts.deny
-> $(ReadOnly) ;
/etc/lilo.conf
-> $(ReadOnly) ;
/etc/logrotate.conf
-> $(ReadOnly) ;
/etc/pwdb.conf
-> $(ReadOnly) ;
/etc/securetty
-> $(ReadOnly) ;
/etc/sendmail.cf
-> $(ReadOnly) ;
/etc/protocols
-> $(ReadOnly) ;
/etc/services
-> $(ReadOnly) ;
/etc/rc.d/init.d
-> $(ReadOnly) ;
/etc/rc.d
-> $(ReadOnly) ;
/etc/motd
-> $(ReadOnly) ;
/etc/passwd
-> $(ReadOnly) ;
/etc/passwd-
-> $(ReadOnly) ;
/etc/profile.d
-> $(ReadOnly) ;
/etc/rpc
-> $(ReadOnly) ;
/etc/sysconfig
-> $(ReadOnly) ;
/etc/shells
-> $(ReadOnly) ;
/etc/nsswitch.conf -> $(ReadOnly) ;