From c5b1d43dcc6b6a75794b65450b0c6f6652dff33a Mon Sep 17 00:00:00 2001 From: Rahul Date: Mon, 28 Jan 2019 13:58:21 +0530 Subject: [PATCH 1/2] Added CUPS in disable service list --- README.md | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b825749..68fa663 100644 --- a/README.md +++ b/README.md @@ -129,8 +129,10 @@ If you want to support another repository containing **hardening** recipes, plea * [Testing tools](#testing-tools) + [Lynis](#lynis) + [Chrootkit](#chrootkit) -- **[Services](#hardening-services)** - * [Disable all unnecessary](#disable-all-unnecessary) +- **[Services](#services)** + * [Disable all unnecessary services](#disable-all-unnecessary-services) + + [Common unix print system](#eight_pointed_black_star-common-unix-print-system) + + [Summary Checklits](#ballot_box_with_check-summary-checklist-4) * [System services](#system-services) + [OpenSSH](#openssh) + [NTP](#ntp) @@ -587,3 +589,23 @@ proc /proc proc defaults,hidepid=2 0 0 | Setting up polyinstantiated directories for `/tmp` and `/var/tmp` | :black_square_button: | :black_square_button: | | Secure `/dev/shm` directory with `nodev`, `nosuid`, `noexec` options | :black_square_button: | :black_square_button: | | Secure `/proc` filesystem with `hidepid=2` option | :black_square_button: | :black_square_button: | + +## Services +### Disable all unnecessary services +The action in this section provide guidance on some of unwanted applications and services which you might not needed but they are installed by default during OS installation and unknowingly start eating your system resources and also threats to the system security.If unused services is not enabled then it cannot be exploited. +#### :eight_pointed_black_star: Common Unix Print System + +The Common Unix Print System (CUPS) provides the ability to print to both local and +network printers.If the system does not need to accept print jobs from other systems, it's recommended that CUPS be disabled to reduce the potential attack. + +Run the following command to verify cups is not enabled: +``` +# systemctl is-enabled cups +disabled +``` + +Run the following command to disable cups : +``` +# systemctl disable cups +``` +References: http://www.cups.org From 097ff3229f55921ec156401e4c0e7974f1e08bb0 Mon Sep 17 00:00:00 2001 From: "@trimstray" Date: Tue, 29 Jan 2019 01:10:09 +0100 Subject: [PATCH 2/2] fixed typos --- README.md | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 68fa663..1ed4c02 100644 --- a/README.md +++ b/README.md @@ -591,21 +591,26 @@ proc /proc proc defaults,hidepid=2 0 0 | Secure `/proc` filesystem with `hidepid=2` option | :black_square_button: | :black_square_button: | ## Services + ### Disable all unnecessary services -The action in this section provide guidance on some of unwanted applications and services which you might not needed but they are installed by default during OS installation and unknowingly start eating your system resources and also threats to the system security.If unused services is not enabled then it cannot be exploited. + +The action in this section provide guidance on some of unwanted applications and services which you might not needed but they are installed by default during OS installation and unknowingly start eating your system resources and also threats to the system security. If unused services is not enabled then it cannot be exploited. + #### :eight_pointed_black_star: Common Unix Print System -The Common Unix Print System (CUPS) provides the ability to print to both local and -network printers.If the system does not need to accept print jobs from other systems, it's recommended that CUPS be disabled to reduce the potential attack. +The Common Unix Print System (CUPS) provides the ability to print to both local and network printers. If the system does not need to accept print jobs from other systems, it's recommended that CUPS be disabled to reduce the potential attack. Run the following command to verify cups is not enabled: -``` + +```bash # systemctl is-enabled cups disabled ``` -Run the following command to disable cups : -``` +Run the following command to disable cups: + +```bash # systemctl disable cups ``` -References: http://www.cups.org + +[Source](http://www.cups.org)