Skip to content

Guide to the Secure Configuration of Fedora

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Configure low address space to protect from user allocation

    This is the portion of low virtual memory which should be protected from userspace allocation. This configuration is available from kernel 3.14, bu...
    Rule Medium Severity
  • Disable /dev/kmem virtual device support

    Disable support for the /dev/kmem device. The configuration that was used to build kernel is available at <code>/boot/config-*</code>. To chec...
    Rule Low Severity
  • Harden common str/mem functions against buffer overflows

    Detect overflows of buffers in common string and memory functions where the compiler can determine and validate the buffer sizes. This configuratio...
    Rule Medium Severity
  • Harden memory copies between kernel and userspace

    This option checks for obviously wrong memory regions when copying memory to/from the kernel (via copy_to_user() and copy_from_user() functions) by...
    Rule High Severity
  • Do not allow usercopy whitelist violations to fallback to object size

    This is a temporary option that allows missing usercopy whitelists to be discovered via a WARN() to the kernel log, instead of rejecting the copy, ...
    Rule High Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules