Skip to content

Guide to the Secure Configuration of Debian 11

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Restrict Programs from Dangerous Execution Patterns

    The recommendations in this section are designed to ensure that the system's features to protect against potentially dangerous program execution ar...
    Group
  • kernel.unprivileged_bpf_disabled

    Prevent unprivileged processes from using the bpf() syscall.
    Value
  • Disable the uvcvideo module

    If the device contains a camera it should be covered or disabled when not in use.
    Rule Medium Severity
  • Kernel panic on oops

    To set the runtime status of the <code>kernel.panic_on_oops</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.panic_...
    Rule Medium Severity
  • Disable Core Dumps

    A core dump file is the memory image of an executable program when it was terminated by the operating system due to errant behavior. In most cases,...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules