Hello, everyone!
Today, I'd like to share you about impacts of NCE security haedening.
Background
After NCE is installed, EulerOS is hardened by default. Configuration files of all hardening items are stored in the /opt/NCEICMR directory.
Major Affected Item | Effect Description |
Permissions on the su command | Only accounts in the root and wheel groups are allowed to use the su command (used to switch between different accounts). |
SSH remote login permission of users | Remotely log in to the OS as the ossadm or omm user in SSH mode and run the su command to switch to other users. The SSH permission of other users is disabled. |
SFTP transfer permission of users | The SFTP file transfer mode is available for the ftpuser and ossadm users and the permission of other users is disabled.
When you use FileZilla to log in to the system as the ftpuser user in SFTP mode, the root directory of the ftpuser user is /opt/backup/ftpboot. You are advised to use the ftproot subdirectory to upload or download files. |
Lockout after consecutive login failures | OS user accounts are locked if login fails five consecutive times. The account will be locked for 300 seconds. During the locking period, the account cannot be used to log in to the system. |
Timeout period for character interfaces | After a user logs in to the system in SSH mode and the character interface is idle for over 300 seconds, the character interface automatically exits. |
Welcome to leave a message below.
We study together.
Thank you!
