Guide to the Secure Configuration of Alibaba Cloud Linux 2
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Maximum audit log file size for auditd
The setting for max_log_file in /etc/audit/auditd.confValue -
Maximum KeepAlive Requests for HTTPD
The setting for MaxKeepAliveRequests in httpd.confValue -
Action for auditd to take when disk space just starts to run low
The setting for space_left_action in /etc/audit/auditd.confValue -
Software Integrity Checking
Both the AIDE (Advanced Intrusion Detection Environment) software and the RPM package management system provide mechanisms for verifying the integr...Group -
Integrity Scan Notification Email Address
Specify the email address for designated personnel if baseline configurations are changed in an unauthorized manner.Value -
Verify Integrity with RPM
The RPM package management system includes the ability to verify the integrity of installed packages by comparing the installed files with informat...Group -
The system-provided crypto policies
Specify the crypto policy for the system.Value -
Verify Integrity with AIDE
AIDE conducts integrity checks by comparing information about files with previously-gathered information. Ideally, the AIDE database is created imm...Group -
Install AIDE
Theaidepackage can be installed with the following command:$ sudo yum install aide
Rule Medium Severity -
Build and Test AIDE Database
Run the following command to generate a new database: <pre>$ sudo /usr/sbin/aide --init</pre> By default, the database will be written to the fil...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules