CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • AlmaLinux OS 9 must implement a systemwide encryption policy.

    Centralized cryptographic policies simplify applying secure ciphers across an operating system and the applications that run on that operating system. Use of weak or untested encryption algorithms ...
    Rule Medium Severity
  • AlmaLinux OS 9 must terminate idle user sessions.

    Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port th...
    Rule Medium Severity
  • AlmaLinux OS 9 must restrict exposed kernel pointer addresses access.

    Exposing kernel pointers (through procfs or "seq_printf()") exposes kernel writeable structures, which may contain function pointers. If a write vulnerability occurs in the kernel, allowing write ...
    Rule Medium Severity
  • AlmaLinux OS 9 must restrict usage of ptrace to descendant processes.

    Unrestricted usage of ptrace allows compromised binaries to run ptrace on other processes of the user. In this way, the attacker can steal sensitive information from the target processes (e.g. SSH se...
    Rule Medium Severity
  • AlmaLinux OS 9 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.

    AlmaLinux OS 9 systems handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. Selec...
    Rule High Severity
  • AlmaLinux OS 9 must use a Linux Security Module configured to enforce limits on system services.

    An isolation boundary provides access control and protects the integrity of the hardware, software, and firmware that perform security functions. Security functions are the hardware, software, and...
    Rule Medium Severity
  • Any AlmaLinux OS 9 world-writable directories must be owned by root, sys, bin, or an application user.

    If a world-writable directory is not owned by root, sys, bin, or an application user identifier (UID), unauthorized users may be able to modify files created by others. The only authorized public ...
    Rule Medium Severity
  • A sticky bit must be set on all AlmaLinux OS 9 public directories.

    Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of ...
    Rule Medium Severity
  • All AlmaLinux OS 9 networked systems must implement SSH to protect the confidentiality and integrity of transmitted and received information, including information being prepared for transmission.

    Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. This requireme...
    Rule Medium Severity
  • AlmaLinux OS 9 wireless network adapters must be disabled.

    This requirement applies to wireless peripheral technologies (e.g., wireless mice, keyboards, displays, etc.) used with AlmaLinux OS 9 systems. Wireless peripherals (e.g., Wi-Fi/Bluetooth/IR keybo...
    Rule Medium Severity
  • AlmaLinux OS 9 /var/log/messages file must have mode 0640 or less permissive.

    Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the AlmaLinux OS 9 system o...
    Rule Medium Severity
  • AlmaLinux OS 9 must clear SLUB/SLAB objects to prevent use-after-free attacks.

    Poisoning writes an arbitrary value to freed pages, so any modification or reference to that page after being freed or before being initialized will be detected and prevented. This prevents many ...
    Rule Medium Severity
  • AlmaLinux OS 9 must have the Advanced Intrusion Detection Environment (AIDE) package installed.

    Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmwar...
    Rule Medium Severity
  • Successful/unsuccessful uses of the init command in AlmaLinux OS 9 must generate an audit record.

    Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or...
    Rule Medium Severity
  • AlmaLinux OS 9 must enable Linux audit logging for the USBGuard daemon.

    Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or...
    Rule Medium Severity
  • The audit package must be installed on AlmaLinux OS 9.

    Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events ...
    Rule Medium Severity
  • AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.

    Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or...
    Rule Medium Severity
  • AlmaLinux OS 9 must generate audit records for any use of the "mount" command.

    Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or...
    Rule Medium Severity
  • Successful/unsuccessful uses of the umount2 system call in AlmaLinux OS 9 must generate an audit record.

    Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or...
    Rule Medium Severity
  • AlmaLinux OS 9 must generate audit records for any use of the "chage" command.

    Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or...
    Rule Medium Severity
