-rw-r--r-- | TODO | 5 |
-rw-r--r-- | logcheck/ignore.d.server/tmp | 2 |
2 files changed, 7 insertions, 0 deletions
@@ -6,6 +6,11 @@ Add squid support: Search /etc/squid.conf for "YOUR OWN RULE" and add "acl local Add integrit support: Remove all relevant comments in /etc/integrit/integrit.conf and "# ! " in /etc/cron.daily.integrit. Implement meta-hints about filesharing: ftp should use "-l" and "~ users" when default users are dummy users. And the local user-init, adduser.local and deluser.local should be generic. Figure out if bind or bind9 is installed as nameserver (currently both are reloaded, which is non-optimal and _can_ lead to errors) +Calibrate max open files based on available memory (as suggested at http://www.linuxdoc.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap6sec72.html and http://www.xenoclast.org/doc/benchmark/HTTP-benchmarking-HOWTO/node7.html): + FILEMAX = (INSTALLED_RAM*256)/4 + /etc/sysctl.conf: fs.file-max = FILEMAX + /etc/security/limits.conf: * soft nofile 1024 + /etc/security/limits.conf: * hard nofile FILEMAX Xenux: ------ diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp index 805ae4d..b4204a3 100644 --- a/logcheck/ignore.d.server/tmp +++ b/logcheck/ignore.d.server/tmp @@ -41,6 +41,8 @@ snort: spp_portscan: portscan status from snort: IDS246 - MISC - Large ICMP Packet: snort: NETBIOS-SMB-C: snort: NETBIOS-SMB-CD...: +snort: WEB-../..: snort: spp_portscan: PORTSCAN DETECTED snort: spp_portscan: End of portscan snort: IDS029 - SCAN-Possible Queso Fingerprint attempt: +snort: IDS226 - CVE-1999-0172 - CGI-formmail: |
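Review bot: In the TODO hunk, `* hard nofile FILEMAX` sets the per-user hard limit to the same value as the system-wide `fs.file-max`, so a single account that raises its soft limit to the hard limit could consume the whole file table by itself. Suggest a hard limit that is some fraction of FILEMAX, and say which fraction in the note. The formula `FILEMAX = (INSTALLED_RAM*256)/4` also gives no unit for INSTALLED_RAM; state it (the result differs by orders of magnitude between KB and MB), and note how the value is to be read when this gets implemented.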
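Review bot: In the logcheck/ignore.d.server/tmp hunk, the added `snort: WEB-../..:` is read by logcheck as an extended regular expression, so each unescaped dot matches any character and the line suppresses more than the literal `../..` alert. Escape the dots (`snort: WEB-\.\./\.\.:`) so only the intended message is ignored. The other added line, `snort: IDS226 - CVE-1999-0172 - CGI-formmail:`, hides every formmail probe alert on all servers using this rule set; a short comment or commit note saying why these two alerts are treated as noise (for example, that no formmail CGI is installed) would help, since the file name suggests the entries are temporary.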