Administrace komentářů

tak ten maldet bude asi false positive ale jak rikam, je potreba jej pustit na / a ne jen na /home

v lynisu je zajimave asi toto:

! Can't find any security repository in /etc/apt/sources.list or sources.list.d directory [PKGS-7388] https://cisofy.com/controls/PKGS-7388/

pritom by tam mel asi jeden radek byt?

! iptables module(s) loaded, but no rules active [FIRE-4512] https://cisofy.com/controls/FIRE-4512/

asi je to za jinym FW nebo NATem ne?

! PHP option expose_php is possibly turned on, which can reveal useful information for attackers. [PHP-2372] https://cisofy.com/controls/PHP-2372/

to uz jsem rikal, stejne bude potreba PHP dat na nejnovejsi verzi, ale s nastavenim je taky potreba si pohrat, k tomu se vztahuji jeste tyto 4:

* Change the expose_php line to: expose_php = Off [PHP-2372] https://cisofy.com/controls/PHP-2372/

* Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP [PHP-2376] https://cisofy.com/controls/PHP-2376/

* Harden PHP by enabling suhosin extension [PHP-2379] https://cisofy.com/controls/PHP-2379/

* Harden PHP by deactivating suhosin simulation mode [PHP-2379] https://cisofy.com/controls/PHP-2379/

a dva pro apache:

* Install Apache mod_evasive to guard webserver against DoS/brute force attempts [HTTP-6640] https://cisofy.com/controls/HTTP-6640/

* Install Apache modsecurity to guard webserver against web application attacks [HTTP-6643] https://cisofy.com/controls/HTTP-6643/

squid bych asi voddelal, jestli to nepouzivate

nakonec me zaujaly ty smazany soubory, co se stale pouzivaji, to by se mohlo tykat toho /tmp:

* Check what deleted files are still in use and why. [LOGG-2190] https://cisofy.com/controls/LOGG-2190/

sudo lsof /tmp | grep deleted