CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000366-GPOS-00153
Group -
AlmaLinux OS 9 must check the GPG signature of repository metadata before package installation.
Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has bee...Rule High Severity -
SRG-OS-000366-GPOS-00153
Group -
AlmaLinux OS 9 must have GPG signature verification enabled for all software repositories.
Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has bee...Rule High Severity -
SRG-OS-000366-GPOS-00153
Group -
AlmaLinux OS 9 must prevent the loading of a new kernel for later execution.
Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has bee...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
Group -
SRG-OS-000259-GPOS-00100
Group -
AlmaLinux OS 9 system commands must be owned by root.
If AlmaLinux OS 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust ...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
Group -
SRG-OS-000259-GPOS-00100
Group -
AlmaLinux OS 9 library directories must be group-owned by root or a system account.
If AlmaLinux OS 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust ...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
Group -
AlmaLinux OS 9 library directories must be owned by root.
If AlmaLinux OS 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust ...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
Group -
SRG-OS-000259-GPOS-00100
Group -
AlmaLinux OS 9 library files must be group-owned by root or a system account.
If AlmaLinux OS 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust ...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
Group -
AlmaLinux OS 9 library files must be owned by root.
If AlmaLinux OS 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust ...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
Group -
AlmaLinux OS 9 library files must have mode 755 or less permissive.
If AlmaLinux OS 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust ...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
AlmaLinux OS 9 must disable core dumps for all users.
A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers or sy...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
SRG-OS-000480-GPOS-00227
Group -
SRG-OS-000480-GPOS-00227
Group -
AlmaLinux OS 9 must disable core dump backtraces.
A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers or sy...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
SRG-OS-000480-GPOS-00227
Group -
SRG-OS-000480-GPOS-00227
Group -
AlmaLinux OS 9 cron configuration files directory must be owned by root.
Service configuration files enable or disable features of their respective services that if configured incorrectly can lead to insecure and vulnerable configurations; therefore, service configurati...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
AlmaLinux OS 9 cron configuration directories must have a mode of 0700 or less permissive.
Service configuration files enable or disable features of their respective services that if configured incorrectly can lead to insecure and vulnerable configurations. Therefore, service configurati...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
SRG-OS-000480-GPOS-00227
Group -
AlmaLinux OS 9 must disable the ability of a user to accidentally press Ctrl-Alt-Del and cause a system to shut down or reboot.
A locally logged-in user who presses Ctrl-Alt-Del, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of mixed OS environment, this can create the risk...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
AlmaLinux OS 9 must prevent a user from overriding the Ctrl-Alt-Del sequence settings for the graphical user interface.
A locally logged-in user who presses Ctrl-Alt-Del, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of mixed OS environment, this can create the risk...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
SRG-OS-000480-GPOS-00227
Group -
All AlmaLinux OS 9 local files and directories must have a valid owner.
Unowned files and directories may be unintentionally inherited if a user is assigned the same user identifier "UID" as the UID of the unowned files.Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
AlmaLinux OS 9 /etc/group- file must be group owned by root.
The "/etc/group-" file is a backup file of "/etc/group", and as such, contains information regarding groups that are configured on the system. Protection of this file is important for system security.Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
AlmaLinux OS 9 /etc/group- file must be owned by root.
The "/etc/group-" file is a backup file of "/etc/group", and as such, contains information regarding groups that are configured on the system. Protection of this file is important for system security.Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
AlmaLinux OS 9 /etc/group- file must have mode 0644 or less permissive to prevent unauthorized access.
The "/etc/group-" file is a backup file of "/etc/group", and as such, contains information regarding groups that are configured on the system. Protection of this file is important for system security.Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
AlmaLinux OS 9 /etc/group file must be group owned by root.
The "/etc/group" file contains information regarding groups that are configured on the system. Protection of this file is important for system security.Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.