
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Automated Hardening with Bastille Linux
|
115
Module 7: ConfigureMiscPAM.pm
Several useful restrictions on user accounts are set here. Note, however, that the
file-size restriction of 40 MB that Bastille sets may cause strange behavior on
your system. Be prepared to edit /etc/security/limits.conf later if this happens to
you.
Module 8: Logging.pm
Too little logging is enabled by default on most systems. This module increases
the overall amount of logging and allows you to send log data to a remote host.
Process accounting (i.e., tracking all processes) can also be enabled here but is
overkill for most systems.
Module 9: MiscellaneousDaemons.pm
In this section, you can disable a number of services that tend to be enabled by
default, despite being unnecessary for most users.
Module 10: Sendmail.pm
This Bastille module performs some rudimentary tweaks to Sendmail: notably,
disabling its startup script if the system is not an SMTP gateway and disabling
dangerous SMTP commands such as EXPN and VRFY if it is.
Module 11: Apache.pm
This module addresses several aspects of Apache (web server) security, includ-
ing interface/IP bindings, server-side includes, and CGI.
Module 12: Printing.pm
It’s common for lpd, the line printer daemon, to be active even if no printers have
been configured. That may