Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
hardening_enterprise_filefabric [2019_01_23 14:05] kamranhardening_enterprise_filefabric [2019_01_23 14:19] kamran
Line 44: Line 44:
 </code> </code>
  
-===== SSH Settings =====+===== SSH Settings EFF Version <= 1901 =====
 This is only required for EFF instances that were initially deployed as > 1901, that are configured with a low security cipher. Please make the following changes. This is only required for EFF instances that were initially deployed as > 1901, that are configured with a low security cipher. Please make the following changes.
  
Line 58: Line 58:
 </code> </code>
  
-with+with these 3 lines
  
 <code> <code>
 +KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
 +
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
 +
 +MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
 +</code>
 +
 +After saving the file restart sshd service
 +
 +<code>
 +systemctl restart sshd
 </code> </code>
  
Line 75: Line 85:
 </code> </code>
  
-=====  Remove Apache HTTPD server Configuration ===== +=====  Remove Apache HTTPD server Configuration EFF version <= 1901 ===== 
 The icons directory is listed , this is not a security risk but some scanning tools can mark it as security risk.  The icons directory is listed , this is not a security risk but some scanning tools can mark it as security risk. 
  
© Copyright 2024 Nasuni.