Guide to the Secure Configuration of Fedora
Rules, Groups, and Values defined within the XCCDF Benchmark
-
guest_exec_content SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
Configure Speculative Store Bypass Mitigation
Certain CPUs are vulnerable to an exploit against a common wide industry wide performance optimization known as Speculative Store Bypass (SSB). In...Rule Medium Severity -
Enforce Spectre v2 mitigation
Spectre V2 is an indirect branch poisoning attack that can lead to data leakage. An exploit for Spectre V2 tricks the indirect branch predictor int...Rule High Severity -
Ensure debug-shell service is not enabled during boot
systemd's <code>debug-shell</code> service is intended to diagnose systemd related boot issues with various <code>systemctl</code> commands. Once e...Rule Medium Severity -
Disable vsyscalls
To disable use of virtual syscalls, add the argument <code>vsyscall=none</code> to the default GRUB 2 command line for the Linux operating system. ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules