LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 02-16-2008, 04:16 PM   #1
cizzi
Member
 
Registered: Jun 2001
Distribution: Gentoo
Posts: 138

Rep: Reputation: 17
How to resolve tiger --FAIL--


I would like to resolve these --FAIL-- directives from my tiger report.
If you know how to resolve any or all of them please let me know, thanks.

--FAIL-- [lin007w] Normal users can reboot the system through ctrl+alt+del in runlevels 12345

--FAIL-- [dev002f] /dev/nvidia0 has world permissions
--FAIL-- [dev002f] /dev/nvidiactl has world permissions
(for these 2, I did chmod o-rw but when i reboot they get reset)

--FAIL-- [lin013f] The system is not protected against Syn flooding attacks
--FAIL-- [lin014f] The system permits the transmission of IP packets with invalid addresses
--FAIL-- [lin016f] The system permits source routing from incoming packets

Thanks.
 
Old 02-16-2008, 05:19 PM   #2
Deleriux
Member
 
Registered: Nov 2003
Posts: 89

Rep: Reputation: 16
Quote:
--FAIL-- [lin007w] Normal users can reboot the system through ctrl+alt+del in runlevels 12345
Change the file /etc/inittab and change the number to just 1

Quote:
--FAIL-- [dev002f] /dev/nvidia0 has world permissions
--FAIL-- [dev002f] /dev/nvidiactl has world permissions
(for these 2, I did chmod o-rw but when i reboot they get reset)
You would need to add a rule into udev for that. I'm not familiar with the rules stuff in it. I would genereally not recommend messing with your video card device though.

Quote:
--FAIL-- [lin013f] The system is not protected against Syn flooding attacks
Add the line "net.ipv4.tcp_syncookies = 1" to the file /etc/sysctl.conf

Quote:
--FAIL-- [lin014f] The system permits the transmission of IP packets with invalid addresses
Add the line "net.ipv4.conf.all.rp_filter = 1" to the file /etc/sysctl.conf (im not quite sure with this one, this is my best guess )

Quote:
--FAIL-- [lin016f] The system permits source routing from incoming packets
Add the line "net.ipv4.conf.all.accept_source_route = 0" to the file /etc/sysctl.conf
 
  


Reply

Tags
linux, scanner, security, tiger


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Unable to resolve ulr. /et/resolve.conf looks fine? TheBrick Linux - Networking 3 02-14-2008 04:13 AM
Linking problem under 10.4 Tiger maverick_pol Other *NIX 0 01-06-2008 12:48 PM
Removing noise from Tiger? jsosic Linux - Security 1 04-18-2006 02:24 PM
tiger report ? divukman Linux - Security 1 02-24-2006 04:23 AM
DNS can't resolve gmail.com but can resolve everything else? TongueTied Linux - Networking 2 01-24-2006 03:39 AM


All times are GMT -5. The time now is 01:11 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration