Page Comparison

...

Panel

borderColor	green
bgColor	#F3F9F4
borderStyle	solid

Anti-Virus Considerations
Anchor
antivirus
antivirus

You may choose any proven anti-virus product. One option is ClamAV. Anchorlinuxupdateslinuxupdates

Applying Security Updates

CentOS (command line):

Install and use the yum-security plugin.
To install the plugin run:

...

borderColor	green
borderStyle	solid

...

For UT devices running RHEL or CentOS installations, Cisco AMP - (only for UT systems) is another option. Please email help@ece.utexas.edu and provide the UT asset tag number (silver sticker The Property of The University of Texas at Austin) for further details. Your system will need to be verified it is property of the University.

Anchor

	linuxupdates
	linuxupdates

Applying Security Updates

CentOS (command line):

Install and use the yum-security plugin.
To install the plugin run:

Panel

borderColor	green
borderStyle	solid

sudo yum install yum-security

To list all updates that are security relevant, and get a reutrn code on whether there are security updates use:

...

# What ports, IPs and protocols we listen for

Port 491522002

It is recommended that a commonly known port number or a port number currently in use by another application is not selected. This may cause technical issues with port allocation in the future. A good secure range of ports you may want to use are ports from 49152 through 65535.

...

Verify SSH is listening on the new port by connecting to it. Note how the port number now needs to be declared.

ssh username@hostname -p 491522002

Anchor

	ntpserver
	ntpserver

Configure NTP Server

...

Panel

borderColor	green
borderStyle	solid

Option 1: Uninstall NFS server, NFS client, and Portmapper (RPCbind)

Open a command-line terminal and then type the following command:

$ sudo apt-get --purge remove nfs-kernel-server nfs-common rpcbind

Option 2: Portmap lockdown via TCP Wrapper

**Note**

Solaris system TCP Wrappers not are enabled by default. Open a command-line terminal and enter the following commands to enable rpcbind TCP Wrappers:


# svccfg -s rpc/bind setprop config/enable_tcpwrappers=true

# svcadm refresh rpc/bind

(Continue following the instructions below)

For all other Linux systems:

Open a command-line terminal and then type the following command:

$ sudo nano /etc/hosts.allowAdd the following lines:

rpcbind: 146.6.101.0/255.255.255.0
rpcbind: 128.83.190.0/255.255.255.0
rpcbind: 129.116.100.192/255.255.255.192
rpcbind: 129.116.238.128/255.255.255.192
rpcbind: 146.6.28.64/255.255.255.192
rpcbind: 146.6.53.0/255.255.255.0
rpcbind: 146.6.177.0/255.255.255.192
rpcbind: 129.116.140.0/255.255.255.0
rpcbind: 129.116.234.0/255.255.255.0
rpcbind: 172.25.1.0/255.255.255.224
rpcbind: 206.76.64.0/255.255.192.0
rpcbind: 198.213.192.0/255.255.192.0
rpcbind: 172.29.0.0/255.255.0.0
rpcbind: 10.0.0.0/255.0.0.0
rpcbind: 10.157.31.128/255.255.255.128
rpcbind: 10.157.33.0/255.255.255.0
rpcbind: 10.157.30.64/255.255.255.192
rpcbind: 10.157.34.0/255.255.255.0
rpcbind: 10.157.26.0/255.255.255.128
rpcbind: 10.157.27.0/255.255.255.0
rpcbind: 10.157.31.0/255.255.255.128
rpcbind: 10.157.29.0/255.255.255.128
rpcbind: 10.157.29.128/255.255.255.128
rpcbind: 10.157.30.0/255.255.255.192

Save the changes made to the file.

Type the following command:

$ sudo nano /etc/hosts.deny

Add the following lines:

rpcbind: ALL

Save the changes made to the file.

...

Source: https://wiki.ubuntu.com/LTS

Anchor
linuxfirewall
linuxfirewall

Enable Firewall

Ubuntu: https://help.ubuntu.com/community/UFW

RHEL/CentOS: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-using_firewalls

Anchor

	luks
	luks

Encryption: LUKS

Encryption is mandatory for all desktops and laptops with a Linux non-server operating system.

Refer to documentation at - https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-encryption

Note: It is preferred that encryption is enabled during the installation of the operating system. Initiating encryption after the system has been deployed will wipe all the user's data.

Anchor

	denyhosts
	denyhosts

Implement Deny Hosts

...

Versions Compared

Old Version 73

New Version Current

Key

Anti-Virus Considerations

Applying Security Updates

Change SSH Default Port

Configure NTP Server

Configure Portmap (RPC) Service

Distribution Updates

Enable Firewall

Encryption: LUKS

Implement Deny Hosts

Limit SSH Access to Campus Network

Password Complexity

System Accounts

Anti-Virus Considerations
Anchor
antivirus
antivirus

Applying Security Updates

Applying Security Updates

Configure NTP Server

Anchor
linuxfirewall
linuxfirewall

Enable Firewall

Encryption: LUKS

Note: It is preferred that encryption is enabled during the installation of the operating system. Initiating encryption after the system has been deployed will wipe all the user's data.

Implement Deny Hosts

Page Comparison

Versions Compared

Key

Anti-Virus Considerations Anchorantivirusantivirus

Applying Security Updates

Applying Security Updates

Configure NTP Server

Anchorlinuxfirewalllinuxfirewall

Enable Firewall

Encryption: LUKS

Note: It is preferred that encryption is enabled during the installation of the operating system. Initiating encryption after the system has been deployed will wipe all the user's data.

Implement Deny Hosts

Anti-Virus Considerations
Anchor
antivirus
antivirus

Anchor
linuxfirewall
linuxfirewall