Skip to content
Log In

Guide to the Secure Configuration of Amazon Linux 2023

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure /var/tmp Located On Separate Partition

    The /var/tmp directory is a world-writable directory used for temporary file storage. Ensure it has its own partition or logical volume at installation time, or migrate it using LVM.
    Rule Medium Severity
    Show

  • Sudo

    <code>Sudo</code>, which stands for "su 'do'", provides the ability to delegate authority to certain users, groups of users, or system administrators. When configured for system users and/or groups...
    Group
    Show

  • Sudo - logfile value

    Specify the sudo logfile to use. The default value used here matches the example location from CIS, which uses /var/log/sudo.log.
    Value
    Show

  • Sudo - timestamp_timeout value

    Defines the number of minutes that can elapse before <code>sudo</code> will ask for a passwd again. If set to a value less than 0 the user's time stamp will never expire. Defining 0 means always pr...
    Value
    Show

  • Require Re-Authentication When Using the sudo Command

    The sudo <code>timestamp_timeout</code> tag sets the amount of time sudo password prompt waits. The default <code>timestamp_timeout</code> value is 5 minutes. The timestamp_timeout should be config...
    Rule Medium Severity
    Show

  • Updating Software

    The <code>dnf</code> command line tool is used to install and update software packages. The system also provides a graphical software update tool in the <b>System</b> menu, in the <b>Administration...
    Group
    Show

  • Ensure gpgcheck Enabled In Main dnf Configuration

    The <code>gpgcheck</code> option controls whether RPM packages' signatures are always checked prior to installation. To configure dnf to check package signatures before installing them, ensure the ...
    Rule High Severity
    Show

  • Account and Access Control

    In traditional Unix security, if an attacker gains shell access to a certain login account, they can perform any action or access any file to which that account has access. Therefore, making it mor...
    Group
    Show

  • Warning Banners for System Accesses

    Each system should expose as little information about itself as possible. <br> <br> System banners, which are typically displayed just before a login prompt, give out information about the s...
    Group
    Show

  • Login Banner Verbiage

    Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\n' character and special characters like parentheses and quotation marks must be escap...
    Value
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules