Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Alibaba Cloud Linux 2

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Make the auditd Configuration Immutable

    If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...
    Rule Medium Severity
    Show

  • Record Events that Modify the System's Mandatory Access Controls

    If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...
    Rule Medium Severity
    Show

  • Record Events that Modify the System's Mandatory Access Controls in usr/share

    If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...
    Rule Medium Severity
    Show

  • Ensure auditd Collects Information on Exporting to Media (successful)

    At a minimum, the audit system should collect media exportation events for all users and root. If the <code>auditd</code> daemon is configured to u...
    Rule Medium Severity
    Show

  • Record Events that Modify the System's Network Environment

    If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...
    Rule Medium Severity
    Show

  • Record Attempts to Alter Process and Session Initiation Information

    The audit system already collects process information for all users and root. If the <code>auditd</code> daemon is configured to use the <code>auge...
    Rule Medium Severity
    Show

  • Ensure auditd Collects System Administrator Actions

    At a minimum, the audit system should collect administrator actions for all users and root. If the <code>auditd</code> daemon is configured to use ...
    Rule Medium Severity
    Show

  • The percentage remaining in disk space before prompting space_left_action

    The setting for space_left as a percentage in /etc/audit/auditd.conf
    Value
    Show

  • Kernel panic timeout

    The time, in seconds, to wait until a reboot occurs. If the value is <code>0</code> the system never reboots. If the value is less than <code>0</co...
    Value
    Show

  • cobbler_use_cifs SELinux Boolean

    default - Default SELinux boolean setting.
    on - SELinux boolean is enabled.
    off - SELinux boolean is disabled.
    Value
    Show

  • Record Events that Modify User/Group Information

    If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...
    Rule Medium Severity
    Show

  • Record Events that Modify User/Group Information - /etc/group

    If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...
    Rule Medium Severity
    Show

  • Verify Permissions on passwd File

    To properly set the permissions of /etc/passwd, run the command: 
    $ sudo chmod 0644 /etc/passwd
    Rule Medium Severity
    Show

  • Verify Permissions on shadow File

    To properly set the permissions of /etc/shadow, run the command: 
    $ sudo chmod 0000 /etc/shadow
    Rule Medium Severity
    Show

  • Verify Permissions on Files within /var/log Directory

    The /var/log directory contains files with logs of error messages in the system and should only be accessed by authorized personnel.
    Group
    Show

  • Verify Group Who Owns /var/log Directory

    To properly set the group owner of /var/log, run the command: 
    $ sudo chgrp root /var/log
    Rule Medium Severity
    Show

  • Verify Group Who Owns /var/log/messages File

    To properly set the group owner of /var/log/messages, run the command: 
    $ sudo chgrp root /var/log/messages
    Rule Medium Severity
    Show

  • Verify Group Who Owns /var/log/syslog File

    To properly set the group owner of /var/log/syslog, run the command: 
    $ sudo chgrp adm /var/log/syslog
    Rule Medium Severity
    Show

  • Verify User Who Owns /var/log Directory

    To properly set the owner of /var/log, run the command: 
    $ sudo chown root /var/log
    Rule Medium Severity
    Show

  • Verify User Who Owns /var/log/messages File

    To properly set the owner of /var/log/messages, run the command: 
    $ sudo chown root /var/log/messages
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules