Guide to the Secure Configuration of Alibaba Cloud Linux 2
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Enable automatic signing of all modules
Sign all modules during make modules_install. Without this option, modules must be signed manually, using the scripts/sign-file tool. The configuration that was used to build kernel is available a...Rule Medium Severity -
Require modules to be validly signed
Reject unsigned modules or signed modules with an unknown key. The configuration that was used to build kernel is available at <code>/boot/config-*</code>. To check the configuration value for...Rule Medium Severity -
Specify the hash to use when signing modules
This configures the kernel to build and sign modules using <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_kernel_config_module_sig_hash" use="legacy"></xccdf-1.2:sub> as the hash func...Rule Medium Severity -
Specify module signing key to use
Setting this option to something other than its default of <code>certs/signing_key.pem</code> will disable the autogeneration of signing keys and allow the kernel modules to be signed with a key of...Rule Medium Severity -
Sign kernel modules with SHA-512
This configures the kernel to build and sign modules using SHA512 as the hash function. The configuration that was used to build kernel is available at <code>/boot/config-*</code>. To check th...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules