CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
- AlmaLinux OS 9 must clear the page allocator to prevent use-after-free attacks.
  Poisoning writes an arbitrary value to freed pages, so any modification or reference to that page after being freed or before being initialized will be detected and prevented. This prevents many ...
  Rule Medium Severity
- SRG-OS-000480-GPOS-00227
  Group
- AlmaLinux OS 9 must display the date and time of the last successful account logon upon logon.
  Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the number of unsuccessful attempts that were made to login to their account allow...
  Rule Medium Severity
- SRG-OS-000480-GPOS-00227
  Group
- SRG-OS-000480-GPOS-00227
  Group
- AlmaLinux OS 9 policycoreutils-python-utils package must be installed.
  The policycoreutils-python-utils package is required to operate and manage an SELinux environment and its policies. It provides utilities such as semanage, audit2allow, audit2why, chcat, and sandbox.
  Rule Medium Severity
- SRG-OS-000480-GPOS-00227
  Group
- SRG-OS-000480-GPOS-00227
  Group
- AlmaLinux OS 9 must have the rng-tools package installed.
  "rng-tools" provides hardware random number generator tools, such as those used in the formation of x509/PKI certificates.
  Rule Medium Severity
- SRG-OS-000480-GPOS-00230
  Group
- The SSH daemon must perform strict mode checking of home directory configuration files.
  If other users have access to modify user-specific SSH configuration files or read keys, they may be able to log into the system as another user.
  Rule Medium Severity
- SRG-OS-000480-GPOS-00227
  Group
- AlmaLinux OS 9 system accounts must not have an interactive login shell.
  Ensuring shells are not given to system accounts upon login makes it more difficult for attackers to make use of system accounts.
  Rule Medium Severity
- SRG-OS-000480-GPOS-00227
  Group
- AlmaLinux OS 9 must use a separate file system for /tmp.
  The "/tmp" partition is used as temporary storage by many programs. Placing "/tmp" in its own partition enables the setting of more restrictive mount options, which can help protect programs that u...
  Rule Medium Severity
- SRG-OS-000480-GPOS-00227
  Group
- Local AlmaLinux OS 9 initialization files must not execute world-writable programs.
  If user start-up files execute world-writable programs, especially in unprotected directories, they could be maliciously modified to destroy user files or otherwise compromise the system at the use...
  Rule Medium Severity
- SRG-OS-000480-GPOS-00227
  Group
- AlmaLinux OS 9 must use a separate file system for /var/log.
  Placing "/var/log" in its own partition enables better separation between log files and other files in "/var/".
  Rule Medium Severity
- SRG-OS-000480-GPOS-00227
  Group