vim 5.9 2011-10-31T12:00:00-04:00 sysctl net.ipv4.ip_forward must be 0 sysctl net.ipv4.ip_forward must be 0 sysctl net.ipv4.tcp_syncookies must be 1 sysctl net.ipv4.tcp_syncookies must be 1 sysctl net.ipv6.conf.all.forwarding must be 0 sysctl net.ipv6.conf.all.forwarding must be 0 sysctl net.ipv6.conf.default.forwarding must be 0 sysctl net.ipv6.conf.default.forwarding must be 0 kernel config CONFIG_SYN_COOKIES must be y kernel config CONFIG_SYN_COOKIES must be y file /etc/login.defs must have a line that matches ^PASS_MAX_DAYS.*99999 file /etc/login.defs must have a line that matches ^PASS_MAX_DAYS.*99999 file /etc/login.defs must have a line that matches ^PASS_MIN_DAYS.*0 file /etc/login.defs must have a line that matches ^PASS_MIN_DAYS.*0 file /etc/login.defs must have a line that matches ^PASS_WARN_AGE.*7 file /etc/login.defs must have a line that matches ^PASS_WARN_AGE.*7 file /etc/pam.d/common-password must have a line that matches minlen=6 file /etc/pam.d/common-password must have a line that matches minlen=6 file /etc/pam.d/common-password must have a line that matches remember= file /etc/pam.d/common-password must have a line that matches remember= file /etc/login.defs must not have a line that matches ^FAIL_DELAY.*0 file /etc/login.defs must not have a line that matches ^FAIL_DELAY.*0 file /etc/login.defs must have a line that matches ^FAIL_DELAY file /etc/login.defs must have a line that matches ^FAIL_DELAY file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_REMOTE_ACCESS.*no file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_REMOTE_ACCESS.*no file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no file /etc/login.defs must have a line that matches ^UID_MIN.*1000 file /etc/login.defs must have a line that matches ^UID_MIN.*1000 file /etc/login.defs 
must have a line that matches ^UID_MAX.*60000 file /etc/login.defs must have a line that matches ^UID_MAX.*60000 file /etc/login.defs must have a line that matches ^GID_MIN.*1000 file /etc/login.defs must have a line that matches ^GID_MIN.*1000 file /etc/login.defs must have a line that matches ^GID_MAX.*60000 file /etc/login.defs must have a line that matches ^GID_MAX.*60000 sysctl kernel.sysrq must be 0 sysctl kernel.sysrq must be 0 file /etc/default/passwd must not have a line that matches ^CRYPT_FILES=md5 file /etc/default/passwd must not have a line that matches ^CRYPT_FILES=md5 file /etc/default/passwd must not have a line that matches ^CRYPT_FILES=des file /etc/default/passwd must not have a line that matches ^CRYPT_FILES=des file /etc/sysconfig/security must have a line that matches ^CHECK_PERMISSIONS.*set file /etc/sysconfig/security must have a line that matches ^CHECK_PERMISSIONS.*set file /etc/sysconfig/security must have a line that matches ^CHECK_SIGNATURES.*yes file /etc/sysconfig/security must have a line that matches ^CHECK_SIGNATURES.*yes file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_CHROOTED.*yes file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_CHROOTED.*yes file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_AS.*dhcpd file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_AS.*dhcpd file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_CHROOTED.*yes file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_CHROOTED.*yes file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_AS.*dhcpd file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_AS.*dhcpd file /etc/sysconfig/services must have a line that matches ^DISABLE_RESTART_ON_UPDATE.*yes file /etc/sysconfig/services must have a line that matches ^DISABLE_RESTART_ON_UPDATE.*yes file /etc/sysconfig/services must have a line that matches ^DISABLE_STOP_ON_REMOVAL.*yes file 
/etc/sysconfig/services must have a line that matches ^DISABLE_STOP_ON_REMOVAL.*yes /proc/sys/net/ipv4/ip_forward ^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$ 1 /proc/sys/net/ipv4/tcp_syncookies ^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$ 1 /usr/src/linux/.config (CONFIG_SYN_COOKIES.*) 1 /proc/sys/net/ipv6/conf/all/forwarding ^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$ 1 /proc/sys/net/ipv6/conf/default/forwarding ^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$ 1 /proc/sys/kernel/sysrq ^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$ 1 /etc/login.defs ^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$ 1 /etc/pam.d/common-passwd ^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$ 1 /etc/default/passwd ^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$ 1 /etc/pam.d/common-password ^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$ 1 /etc/sysconfig/dhcpd ^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$ 1 /etc/sysconfig/displaymanager ^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$ 1 /etc/sysconfig/security ^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$ 1 /etc/sysconfig/services ^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$ 1 0 1 CONFIG_SYN_COOKIES=y ^PASS_MAX_DAYS.*99999 ^PASS_MIN_DAYS.*0 ^PASS_WARN_AGE.*7 ^minlen=6 ^remember= ^FAIL_DELAY.*0 ^FAIL_DELAY ^UID_MIN.*1000 ^UID_MAX.*60000 ^GID_MIN.*1000 ^GID_MAX.*60000 ^CRYPT_FILES=md5 ^CRYPT_FILES=des minlen=6 remember= ^DHCPD_RUN_CHROOTED.*yes ^DHCPD_RUN_AS.*dhcpd ^DHCPD6_RUN_CHROOTED.*yes ^DHCPD6_RUN_AS.*dhcpd ^DISPLAYMANAGER_REMOTE_ACCESS.*no ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no ^CHECK_PERMISSIONS.*set ^CHECK_SIGNATURES.*yes ^DISABLE_RESTART_ON_UPDATE.*yes ^DISABLE_STOP_ON_REMOVAL.*yes