linux:linux-hardening:boot_security
Table of Contents
Secure Server Build
Boot Security
Ensure root is the owner of /etc/grub.conf then
chmod 700 grub.conf
This makes root the only person who can rw to it.
Boot password
This should be set up at install time
Interactive Booting
Edit the file /etc/sysconfig/init. Add or correct the setting:
PROMPT=no
While editing this file also turn off graphical boot
GRAPHICAL=no
Disable Core Dumps
To disable core dumps for all users, add or correct the following line in /etc/security/limits.conf
* hard core 0
In addition, to ensure that core dumps can never be made by setuid programs, edit /etc/sysctl.conf and add or correct the line:
fs.suid_dumpable = 0
linux/linux-hardening/boot_security.txt · Last modified: by 127.0.0.1