Professional Documents
Culture Documents
#ensure NX support
dmesg | grep NX | grep -q "(Execute Disable) protection: active" || echo "Please
ensure NX support"
##Warning Banners
#Ensure local login warning banner is configured properly
echo "This system, its hardware, software and data is owned by Adecco and only
authorized users are allowed to gain access to it.Your usage of Adecco technology
may be monitored, logged and subject to investigation according to applicable laws.
By continuing beyond this point and logging in, you agree to abide by the above
conditions and the Adecco Group Policies and Standards.Unauthorized use of Adecco
technology or breach of Adecco Group Policies and Standards is prohibited and may
be subject to disciplinary action, which may include criminal and/or civil
penalties" > /etc/issue
#Ensure permissions
chown root:root /etc/motd
chmod 644 /etc/motd
ipv4defaultredirect_param=`sysctl net.ipv4.conf.default.send_redirects`
if [ "$ipv4defaultredirect_param" != "net.ipv4.conf.default.send_redirects = 0" ];
then echo "net.ipv4.conf.default.send_redirects = 0" >> /etc/sysctl.conf ;sysctl
-p >/dev/null;fi
#Configure cron
systemctl enable crond
#Ensure permissions
rm -f /etc/cron.deny
rm -f /etc/at.deny
touch /etc/cron.allow
touch /etc/at.allow
##Configure PAM
echo '#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth required pam_tally2.so per_user onerr=fail deny=5 no_magic_root
audit
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
echo '#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth required pam_tally2.so per_user onerr=fail deny=5 no_magic_root
audit
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
#Ensure Permissions