Guide to the Secure Configuration of Oracle Linux 10
Rules, Groups, and Values defined within the XCCDF Benchmark
-
System Security Services Daemon (SSSD) - LDAP
The System Security Services Daemon (SSSD) is a system daemon that provides access to different identity and authentication providers such as Red H...Group -
Configure SSSD LDAP Backend Client to Demand a Valid Certificate from the Server
Configure SSSD to demand a valid certificate from the server to protect the integrity of LDAP remote access sessions by setting the <pre>ldap_tls_r...Rule Medium Severity -
Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces By Default
To set the runtime status of the <code>net.ipv6.conf.default.max_addresses</code> kernel parameter, run the following command: <pre>$ sudo sysctl -...Rule Unknown Severity -
Configure Denying Router Solicitations on All IPv6 Interfaces By Default
To set the runtime status of the <code>net.ipv6.conf.default.router_solicitations</code> kernel parameter, run the following command: <pre>$ sudo s...Rule Unknown Severity -
Kernel Parameters Which Affect Networking
The <code>sysctl</code> utility is used to set parameters which affect the operation of the Linux kernel. Kernel parameters which affect networking...Group -
Network Related Kernel Runtime Parameters for Hosts and Routers
Certain kernel parameters should be set for systems which are acting as either hosts or routers to improve the system's ability defend against cert...Group -
net.ipv4.conf.all.accept_redirects
Disable ICMP Redirect AcceptanceValue -
net.ipv4.conf.all.accept_source_route
Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirec...Value -
Verify User Who Owns /etc/crypttab File
To properly set the owner of/etc/crypttab, run the command:$ sudo chown root /etc/crypttab
Rule Medium Severity -
Verify User Who Owns System.map Files
The System.map files are symbol map files generated during the compilation of the Linux kernel. They contain the mapping between kernel symbols and...Rule Low Severity -
Verify Permissions On /etc/crypttab File
To properly set the permissions of/etc/crypttab, run the command:$ sudo chmod 0600 /etc/crypttab
Rule Medium Severity -
Ensure /srv Located On Separate Partition
If a file server (FTP, TFTP...) is hosted locally, create a separate partition for <code>/srv</code> at installation time (or migrate it later usin...Rule Unknown Severity -
Ensure /var Located On Separate Partition
The <code>/var</code> directory is used by daemons and other system services to store frequently-changing data. Ensure that <code>/var</code> has i...Rule Low Severity -
Ensure /var/log Located On Separate Partition
System logs are stored in the <code>/var/log</code> directory. Ensure that <code>/var/log</code> has its own partition or logical volume at instal...Rule Low Severity -
Ensure /var/log/audit Located On Separate Partition
Audit logs are stored in the <code>/var/log/audit</code> directory. Ensure that <code>/var/log/audit</code> has its own partition or logical volum...Rule Low Severity -
GRUB2 bootloader configuration
During the boot process, the boot loader is responsible for starting the execution of the kernel and passing options to it. The boot loader allows ...Group -
L1TF vulnerability mitigation
Defines the L1TF vulneratility mitigations to employ.Value -
MDS vulnerability mitigation
Defines the MDS vulneratility mitigation to employ.Value -
Confidence level on Hardware Random Number Generator
Defines the level of trust on the hardware random number generators available in the system and the percentage of entropy to credit.Value -
Spec Store Bypass Mitigation
This controls how the Speculative Store Bypass (SSB) vulnerability is mitigated.Value
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.