LinuxQuestions.org


cizzi 02-16-2008 04:16 PM

How to resolve tiger --FAIL--
 
I would like to resolve these --FAIL-- directives from my tiger report.
If you know how to resolve any or all of them please let me know, thanks.

--FAIL-- [lin007w] Normal users can reboot the system through ctrl+alt+del in runlevels 12345

--FAIL-- [dev002f] /dev/nvidia0 has world permissions
--FAIL-- [dev002f] /dev/nvidiactl has world permissions
(for these 2, I did chmod o-rw but when I reboot they get reset)

--FAIL-- [lin013f] The system is not protected against Syn flooding attacks
--FAIL-- [lin014f] The system permits the transmission of IP packets with invalid addresses
--FAIL-- [lin016f] The system permits source routing from incoming packets

Thanks.

Deleriux 02-16-2008 05:19 PM

Quote:

--FAIL-- [lin007w] Normal users can reboot the system through ctrl+alt+del in runlevels 12345
Change the file /etc/inittab and change the number to just 1

Quote:

--FAIL-- [dev002f] /dev/nvidia0 has world permissions
--FAIL-- [dev002f] /dev/nvidiactl has world permissions
(for these 2, I did chmod o-rw but when I reboot they get reset)
You would need to add a rule into udev for that. I'm not familiar with the rules stuff in it. I would generally not recommend messing with your video card device though.

Quote:

--FAIL-- [lin013f] The system is not protected against Syn flooding attacks
Add the line "net.ipv4.tcp_syncookies = 1" to the file /etc/sysctl.conf

Quote:

--FAIL-- [lin014f] The system permits the transmission of IP packets with invalid addresses
Add the line "net.ipv4.conf.all.rp_filter = 1" to the file /etc/sysctl.conf (I'm not quite sure with this one, this is my best guess :))

Quote:

--FAIL-- [lin016f] The system permits source routing from incoming packets
Add the line "net.ipv4.conf.all.accept_source_route = 0" to the file /etc/sysctl.conf
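
Added example, not part of the original thread or written by either poster: a shell check that reads a sysctl.conf-style file and reports whether the three settings named in the reply above are present with the values given there. The function names and the sample file contents are assumptions made for this example.

```shell
# Added example (not from the thread). Function names are hypothetical.
# Print the effective value of key $2 in sysctl.conf-style file $1.
# Comment lines (# or ;) are skipped, whitespace is trimmed, and the last
# assignment wins. Prints nothing when the key is not set.
sysctl_conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }
    ' "$1"
}

# Compare the three keys with the values given in the reply above.
# Prints one line per key and returns 0 only when all three match.
audit_sysctl_conf() {
    rc=0
    for want in \
        "net.ipv4.tcp_syncookies=1" \
        "net.ipv4.conf.all.rp_filter=1" \
        "net.ipv4.conf.all.accept_source_route=0"
    do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(sysctl_conf_value "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "OK $key = $actual"
        elif [ -z "$actual" ]; then
            echo "MISSING $key (expected $expected)"; rc=1
        else
            echo "WRONG $key = $actual (expected $expected)"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input, not taken from the thread.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'net.ipv4.tcp_syncookies = 1' \
    'net.ipv4.conf.all.accept_source_route = 1' > "$sample"
audit_sysctl_conf "$sample" || echo "some settings still differ"
rm -f "$sample"
```

Point `audit_sysctl_conf` at /etc/sysctl.conf to check the real file; after editing it, `sysctl -p` loads the values without a reboot.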

