Many moon ago I developed a CentOS security/performance enhancement procedure using chkconfig. It ensured our company base installs started the minimum (i.e. if you don't use cups why start it) services. A NMAP scan of the system typically resulted in port 22 available. That same procedure was used for all RedHat installs also.
I remember insisting to a vendor that our group be given the tasks of installing and configuring the O/S on their platforms as part of project scope. It was a battle but the confidence you have from knowing, goes a long way to reducing stress when reports of O/S vulnerabilities were circulated.
I don't know if such a process exists for systemd installs. I sure would like to have one.
Many moon ago I developed a CentOS security/performance enhancement procedure using chkconfig. It ensured our company base installs started the minimum (i.e. if you don't use cups why start it) services. A NMAP scan of the system typically resulted in port 22 available. That same procedure was used for all RedHat installs also.
I remember insisting to a vendor that our group be given the tasks of installing and configuring the O/S on their platforms as part of project scope. It was a battle but the confidence you have from knowing, goes a long way to reducing stress when reports of O/S vulnerabilities were circulated.
I don't know if such a process exists for systemd installs. I sure would like to have one.
