Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
hardening_enterprise_filefabric [2019_01_23 14:05] kamranhardening-enterprise-filefabric [2019_01_23 14:36] – ↷ Page name changed from hardening_enterprise_filefabric to hardening-enterprise-filefabric smeadmin
Line 44: Line 44:
 </code> </code>
  
-===== SSH Settings =====+===== SSH Settings EFF Version <= 1901 =====
 This is only required for EFF instances that were initially deployed as > 1901, that are configured with a low security cipher. Please make the following changes. This is only required for EFF instances that were initially deployed as > 1901, that are configured with a low security cipher. Please make the following changes.
  
Line 58: Line 58:
 </code> </code>
  
-with+with these 3 lines
  
 <code> <code>
 +KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
 +
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
 +
 +MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
 +</code>
 +
 +After saving the file restart sshd service
 +
 +<code>
 +systemctl restart sshd
 </code> </code>
  
Line 75: Line 85:
 </code> </code>
  
-=====  Remove Apache HTTPD server Configuration ===== +=====  Remove Apache HTTPD server Configuration EFF version <= 1901 ===== 
 The icons directory is listed , this is not a security risk but some scanning tools can mark it as security risk.  The icons directory is listed , this is not a security risk but some scanning tools can mark it as security risk.