Skip to content
Log In

CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000095-GPOS-00049

    Group
    Show

  • AlmaLinux OS 9 must not have the rsh-server package installed.

    The "rsh-server" service provides unencrypted remote access service, which does not provide for the confidentiality and integrity of user passwords or the remote session and has very weak authentic...
    Rule Medium Severity
    Show

  • SRG-OS-000095-GPOS-00049

    Group
    Show

  • SRG-OS-000095-GPOS-00049

    Group
    Show

  • A graphical display manager must not be installed on AlmaLinux OS 9 unless approved.

    Unnecessary service packages must not be installed to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used, unl...
    Rule Medium Severity
    Show

  • SRG-OS-000095-GPOS-00049

    Group
    Show

  • AlmaLinux OS 9 must not have the ypserv package installed.

    The NIS service provides an unencrypted authentication service, which does not provide for the confidentiality and integrity of user passwords or the remote session. Removing the "ypserv" package ...
    Rule Medium Severity
    Show

  • SRG-OS-000095-GPOS-00049

    Group
    Show

  • AlmaLinux OS 9 must not have the avahi package installed.

    The avahi package provides the zeroconf capability to discover remote services such as printers and announce itself as a service for sharing files and devices.
    Rule Medium Severity
    Show

  • SRG-OS-000095-GPOS-00049

    Group
    Show

  • AlmaLinux OS 9 must be configured to disable USB mass storage.

    USB mass storage permits easy introduction of unknown devices, thereby facilitating malicious activity. Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000378-GPOS-00163, SRG-OS-000114-GPOS-00059, SRG...
    Rule Medium Severity
    Show

  • SRG-OS-000096-GPOS-00050

    Group
    Show

  • SRG-OS-000327-GPOS-00127

    Group
    Show

  • SRG-OS-000327-GPOS-00127

    Group
    Show

  • AlmaLinux OS 9 must require users to provide a password for privilege escalation.

    Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability,...
    Rule Medium Severity
    Show

  • SRG-OS-000327-GPOS-00127

    Group
    Show

  • AlmaLinux OS 9 must not be configured to bypass password requirements for privilege escalation.

    Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability,...
    Rule Medium Severity
    Show

  • SRG-OS-000327-GPOS-00127

    Group
    Show

  • AlmaLinux OS 9 must require reauthentication when using the "sudo" command.

    Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability,...
    Rule Medium Severity
    Show

  • SRG-OS-000109-GPOS-00056

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules