Guide to the Secure Configuration of Fedora
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Record Information on the Use of Privileged Commands
At a minimum, the audit system should collect the execution of privileged commands for all users and root.Group -
Records Events that Modify Date and Time Information
Arbitrary changes to the system time can be used to obfuscate nefarious activities in log files, as well as to confuse network services that are highly dependent upon an accurate system time. All c...Group -
Record Events that Modify the System's Discretionary Access Controls - chown
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audi...Rule Medium Severity -
Record Events that Modify the System's Discretionary Access Controls - fchmod
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audi...Rule Medium Severity -
Record Events that Modify the System's Discretionary Access Controls - fchown
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audi...Rule Medium Severity -
Record Events that Modify the System's Discretionary Access Controls - fchownat
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audi...Rule Medium Severity -
Record Events that Modify the System's Discretionary Access Controls - fsetxattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audi...Rule Medium Severity -
Record Events that Modify the System's Discretionary Access Controls - lsetxattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audi...Rule Medium Severity -
Record Events that Modify the System's Discretionary Access Controls - setxattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audi...Rule Medium Severity -
Record Any Attempts to Run chacl
At a minimum, the audit system should collect any execution attempt of the <code>chacl</code> command for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenr...Rule Medium Severity -
Record Any Attempts to Run setfacl
At a minimum, the audit system should collect any execution attempt of the <code>setfacl</code> command for all users and root. If the <code>auditd</code> daemon is configured to use the <code>auge...Rule Medium Severity -
Record Any Attempts to Run chcon
At a minimum, the audit system should collect any execution attempt of the <code>chcon</code> command for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenr...Rule Medium Severity -
Record Any Attempts to Run restorecon
At a minimum, the audit system should collect any execution attempt of the <code>restorecon</code> command for all users and root. If the <code>auditd</code> daemon is configured to use the <code>a...Rule Medium Severity -
Record Any Attempts to Run setfiles
At a minimum, the audit system should collect any execution attempt of the <code>setfiles</code> command for all users and root. If the <code>auditd</code> daemon is configured to use the <code>aug...Rule Medium Severity -
Record Any Attempts to Run setsebool
At a minimum, the audit system should collect any execution attempt of the <code>setsebool</code> command for all users and root. If the <code>auditd</code> daemon is configured to use the <code>au...Rule Medium Severity -
Record Any Attempts to Run seunshare
At a minimum, the audit system should collect any execution attempt of the <code>seunshare</code> command for all users and root. If the <code>auditd</code> daemon is configured to use the <code>au...Rule Medium Severity -
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)
At a minimum the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read au...Rule Medium Severity -
Ensure auditd Collects File Deletion Events by User - rename
At a minimum, the audit system should collect file deletion events for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit r...Rule Medium Severity -
Ensure auditd Collects File Deletion Events by User - renameat
At a minimum, the audit system should collect file deletion events for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit r...Rule Medium Severity -
Ensure auditd Collects File Deletion Events by User - rmdir
At a minimum, the audit system should collect file deletion events for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit r...Rule Medium Severity -
Ensure auditd Collects File Deletion Events by User - unlink
At a minimum, the audit system should collect file deletion events for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit r...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - poweroff
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Record Successful Permission Changes to Files - chmod
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audi...Rule Medium Severity -
Record Successful Ownership Changes to Files - chown
At a minimum, the audit system should collect file ownership changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit...Rule Medium Severity -
Record Successful Access Attempts to Files - creat
At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read a...Rule Medium Severity -
Record Successful Permission Changes to Files - fchmod
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audi...Rule Medium Severity -
Record Successful Ownership Changes to Files - fchown
At a minimum, the audit system should collect file ownership changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit...Rule Medium Severity -
Record Successful Ownership Changes to Files - fchownat
At a minimum, the audit system should collect file ownership changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit...Rule Medium Severity -
Record Successful Permission Changes to Files - fremovexattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audi...Rule Medium Severity -
Record Successful Permission Changes to Files - fsetxattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audi...Rule Medium Severity -
Record Successful Ownership Changes to Files - lchown
At a minimum, the audit system should collect file ownership changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit...Rule Medium Severity -
Record Successful Permission Changes to Files - lremovexattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audi...Rule Medium Severity -
Record Successful Permission Changes to Files - lsetxattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audi...Rule Medium Severity -
Record Successful Access Attempts to Files - open
At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read a...Rule Medium Severity -
Record Successful Creation Attempts to Files - open_by_handle_at O_CREAT
The <code>open_by_handle_at</code> syscall can be used to create new files when O_CREAT flag is specified. The following audit rules will assure that successful attempts to create a file via <code...Rule Medium Severity -
Record Successful Creation Attempts to Files - open_by_handle_at O_TRUNC_WRITE
The audit system should collect detailed file access records for all users and root. The <code>open_by_handle_at</code> syscall can be used to modify files if called for write operation with the O_...Rule Medium Severity -
Record Successful Creation Attempts to Files - open O_CREAT
The <code>open</code> syscall can be used to create new files when O_CREAT flag is specified. The following audit rules will assure that successful attempts to create a file via <code>open</code> ...Rule Medium Severity -
Record Successful Creation Attempts to Files - open O_TRUNC_WRITE
The audit system should collect detailed file access records for all users and root. The <code>open</code> syscall can be used to modify files if called for write operation with the O_TRUNC_WRITE f...Rule Medium Severity -
Record Successful Creation Attempts to Files - openat O_CREAT
The <code>openat</code> syscall can be used to create new files when O_CREAT flag is specified. The following audit rules will assure that successful attempts to create a file via <code>openat</co...Rule Medium Severity -
Record Successful Creation Attempts to Files - openat O_TRUNC_WRITE
The audit system should collect detailed file access records for all users and root. The <code>openat</code> syscall can be used to modify files if called for write operation with the O_TRUNC_WRITE...Rule Medium Severity -
Record Successful Permission Changes to Files - removexattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audi...Rule Medium Severity -
Record Successful Delete Attempts to Files - rename
At a minimum, the audit system should collect file deletion for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules du...Rule Medium Severity -
Record Successful Permission Changes to Files - setxattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audi...Rule Medium Severity -
Record Successful Access Attempts to Files - truncate
At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read a...Rule Medium Severity -
Record Successful Delete Attempts to Files - unlink
At a minimum, the audit system should collect file deletion for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules du...Rule Medium Severity -
Record Successful Delete Attempts to Files - unlinkat
At a minimum, the audit system should collect file deletion for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules du...Rule Medium Severity -
Record Unsuccessful Ownership Changes to Files - chown
The audit system should collect unsuccessful file ownership change attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to rea...Rule Medium Severity -
Record Unsuccessful Permission Changes to Files - fchmod
The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to re...Rule Medium Severity -
Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly
The audit system should collect detailed unauthorized file accesses for all users and root. To correctly identify unsuccessful creation, unsuccessful modification and unsuccessful access of files v...Rule Medium Severity -
Record Unsuccessful Ownership Changes to Files - fchown
The audit system should collect unsuccessful file ownership change attempts for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to rea...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.