VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
The Photon operating system must be configured to protect the Secure Shell (SSH) public host key from unauthorized modification.
If a public host key file is modified by an unauthorized user, the SSH service may be compromised.
Rule, Medium Severity

The Photon operating system must enforce password complexity on the root account.
Password complexity rules must apply to all accounts on the system, including root. Without specifying the "enforce_for_root" flag, "pam_cracklib" does not apply complexity rules to the root user. ...
Rule, Medium Severity

The Photon operating system must set the "umask" parameter correctly.
The "umask" value influences the permissions assigned to files when they are created. The "umask" setting in "login.defs" controls the permissions for a new user's home directory. By setting the pr...
Rule, Medium Severity

The Photon operating system must configure sshd to disallow HostbasedAuthentication.
Secure Shell (SSH) trust relationships enable trivial lateral spread after a host compromise and therefore must be explicitly disabled.
Rule, Medium Severity

The Photon operating system must disable systemd fallback Domain Name System (DNS).
Systemd contains an ability to set fallback DNS servers. This is used for DNS lookups in the event no system-level DNS servers are configured or other DNS servers are specified in the systemd "reso...
Rule, Medium Severity

The Photon operating system YUM repository must cryptographically verify the authenticity of all software packages during installation.
Installation of any nontrusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. Cryptographica...
Rule, Medium Severity