CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
AlmaLinux OS 9 /etc/shadow- file must have mode 0000 or less permissive to prevent unauthorized access.
The "/etc/shadow-" file is a backup file of "/etc/shadow", and as such, contains the list of local system accounts and password hashes. Protection of this file is critical for system security.Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
SRG-OS-000480-GPOS-00227
Group -
SRG-OS-000480-GPOS-00227
Group -
AlmaLinux OS 9 /etc/shadow file must have mode 0000 to prevent unauthorized access.
The "/etc/shadow" file contains the list of local system accounts and stores password hashes. Protection of this file is critical for system security. Failure to give ownership of this file to root...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
AlmaLinux OS 9 must restrict privilege elevation to authorized personnel.
If the "sudoers" file is not configured correctly, any user defined on the system can initiate privileged actions on the target system.Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
SRG-OS-000480-GPOS-00228
Group -
AlmaLinux OS 9 must set the umask value to 077 for all local interactive user accounts.
Setting the most restrictive default permissions ensures that when new accounts are created they do not have unnecessary access. With a UMASK of 077, files will be created with 0600 permissions (o...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.