Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Fedora

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Log USBGuard daemon audit events using Linux Audit

    To configure USBGuard daemon to log via Linux Audit (as opposed directly to a file), <code>AuditBackend</code> option in <code>/etc/usbguard/usbgua...
    Rule Low Severity
    Show

  • Authorize Human Interface Devices in USBGuard daemon

    To allow authorization of Human Interface Devices (keyboard, mouse) by USBGuard daemon, add the line <code>allow with-interface match-all { 03:*:* ...
    Rule Medium Severity
    Show

  • Root Shell Environment Assumed

    Most of the actions listed in this document are written with the assumption that they will be executed by the root user running the <code>/bin/bash...
    Group
    Show

  • Remove the X Windows Package Group

    By removing the xorg-x11-server-common package, the system no longer has X Windows installed. If X Windows is not installed then the system cannot ...
    Rule Medium Severity
    Show

  • Disable X Windows Startup By Setting Default Target

    Systems that do not require a graphical user interface should only boot by default into <code>multi-user.target</code> mode. This prevents accident...
    Rule Medium Severity
    Show

  • Introduction

    The purpose of this guidance is to provide security configuration recommendations and baselines for the Fedora operating system. Recommended settin...
    Group
    Show

  • General Principles

    The following general principles motivate much of the advice in this guide and should also influence any configuration decisions that are not expli...
    Group
    Show

  • Encrypt Transmitted Data Whenever Possible

    Data transmitted over a network, whether wired or wireless, is susceptible to passive monitoring. Whenever practical solutions for encrypting such ...
    Group
    Show

  • Least Privilege

    Grant the least privilege necessary for user accounts and software to perform tasks. For example, <code>sudo</code> can be implemented to limit aut...
    Group
    Show

  • Minimize Software to Minimize Vulnerability

    The simplest way to avoid vulnerabilities in software is to avoid installing that software. On Fedora,the RPM Package Manager (originally Red Hat P...
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules