Guide to the Secure Configuration of Amazon Linux 2023
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Verify ownership of Message of the Day Banner
To properly set the owner of/etc/motd, run the command:$ sudo chown root /etc/motd
Rule Medium Severity -
Protect Accounts by Configuring PAM
PAM, or Pluggable Authentication Modules, is a system which implements modular authentication for Linux programs. PAM provides a flexible and configurable architecture for authentication, and it sh...Group -
Password Hashing algorithm
Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.Value -
Password Hashing algorithm for pam_unix.so
Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.Value -
Set Lockouts for Failed Password Attempts
The <code>pam_faillock</code> PAM module provides the capability to lock out user accounts after a number of failed login attempts. Its documentation is available in <code>/usr/share/doc/pam-VERSIO...Group -
fail_deny
Number of failed login attempts before account lockoutValue -
faillock directory
The directory where the user files with the failure records are keptValue -
fail_unlock_time
Seconds before automatic unlocking or permanently locking after excessive failed loginsValue -
pwhistory_remember
Prevent password re-use using password history lookupValue -
PAM pwhistory remember - control flag
'Specify the control flag required for password remember requirement. If multiple values are allowed write them separated by commas as in "required,requisite", for remediations the first value will...Value
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules