Guide to the Secure Configuration of Fedora
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Disable kexec system call
<code>kexec</code> is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot but it is independent of the system firmware. And l...Rule Low Severity -
Disable legacy (BSD) PTY support
Disable the Linux traditional BSD-like terminal names /dev/ptyxx for masters and /dev/ttyxx for slaves of pseudo terminals, and use only the modern ptys (devpts) interface. The configuration that ...Rule Medium Severity -
Disable vsyscall emulation
The kernel traps and emulates calls into the fixed vsyscall address mapping. This configuration is available from kernel 5.3, but may be available if backported by distros. The configuration that ...Rule Medium Severity -
Disable vsyscall mapping
This config disables the vsyscall mapping at all. Attempts to use the vsyscalls will be reported to dmesg, so that either old or malicious userspace programs can be identified. This configuration i...Rule Medium Severity -
Disable vsyscall emulate execution only
The kernel traps and emulates calls into the fixed vsyscall address mapping and does not allow reads. This configuration is available from kernel 5.3. The configuration that was used to build kern...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules