Differences
This shows you the differences between two versions of the page.
hardening-enterprise-filefabric [2019_04_11 16:30] – [SSH Settings EFF Version <= 1901] steven | hardening-enterprise-filefabric [2024_04_16 18:01] (current) – [SSH Settings NAA Version <= 1901] steven | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Hardening | + | ====== Hardening |
Line 44: | Line 44: | ||
</ | </ | ||
- | ===== SSH Settings EFF Version <= 1901 ===== | ||
- | This is only required for EFF instances that were initially deployed before 1901, that are configured with a low security cipher. Please make the following changes. | ||
- | |||
- | As the root user edit the following file with the vi or nano editors: | ||
- | < | ||
- | vi / | ||
- | </ | ||
- | |||
- | Find and replace the following line: | ||
- | < | ||
- | Ciphers aes128-ctr, | ||
- | </ | ||
- | |||
- | with these 3 lines | ||
- | |||
- | < | ||
- | KexAlgorithms curve25519-sha256@libssh.org, | ||
- | |||
- | Ciphers chacha20-poly1305@openssh.com, | ||
- | |||
- | MACs hmac-sha2-512-etm@openssh.com, | ||
- | </ | ||
- | |||
- | After saving the file restart sshd service | ||
- | |||
- | < | ||
- | systemctl restart sshd | ||
- | </ | ||
===== Disable CloudFTP ===== | ===== Disable CloudFTP ===== | ||
- | EFF provides legacy protocol adaptors i.e you can access any storage using FTP, FTPS and SFTP. | + | NAA provides legacy protocol adaptors i.e you can access any storage using FTP, FTPS and SFTP. |
FTP provider is unencrypted protocol. Disable FTP, FTPS and SFTP service depending on your security policy. | FTP provider is unencrypted protocol. Disable FTP, FTPS and SFTP service depending on your security policy. | ||
- | For compatibility SFTP and FTPS support a wide range of encryption protocols and ciphers. For a locked down EFF deployment we recommend disabling CloudFTP service | + | For compatibility SFTP and FTPS support a wide range of encryption protocols and ciphers. For a locked down NAA deployment we recommend disabling CloudFTP service |
As root | As root | ||
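Review bot: the deletion of the "SSH Settings EFF Version <= 1901" section drops the guidance for instances that were initially deployed before 1901 and are configured with a low security cipher, and nothing in this hunk replaces it. If any such instance can still be in service, keep a one-line note saying which versions no longer need the KexAlgorithms, Ciphers and MACs change, or link to where the procedure now lives. In the CloudFTP text, the rename to NAA is applied on both changed lines, but "i.e you" should read "i.e. you", and the unchanged line "FTP provider is unencrypted protocol" is missing its articles.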
Line 84: | Line 56: | ||
</ | </ | ||
- | ===== Remove Apache HTTPD server Configuration | + | ===== Remove Apache HTTPD server Configuration |
The icons directory is listed , this is not a security risk but some scanning tools can mark it as security risk. | The icons directory is listed , this is not a security risk but some scanning tools can mark it as security risk. | ||
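Review bot: the context line under the edited heading has a stray space before the comma and a comma splice ("The icons directory is listed , this is not a security risk"). Since the heading is being touched anyway, suggest fixing the sentence in the same revision, for example "The icons directory is listed. This is not a security risk, but some scanning tools can mark it as one."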