Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Fedora

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Force initialization of variables containing userspace addresses

    While the kernel is built with warnings enabled for any missed stack variable initializations, this warning is silenced for anything passed by refe...
    Rule Medium Severity
    Show

  • zero-init everything passed by reference

    Zero-initialize any stack variables that may be passed by reference and had not already been explicitly initialized. This configuration is availabl...
    Rule Medium Severity
    Show

  • Disable Wireless Through Software Configuration

    If it is impossible to remove the wireless hardware from the device in question, disable as much of it as possible through software. The following ...
    Group
    Show

  • Configure Syslog

    The syslog service has been the default Unix logging mechanism for many years. It has a number of downsides, including inconsistent log format, lac...
    Group
    Show

  • Ensure rsyslog-gnutls is installed

    TLS protocol support for rsyslog is installed. The <code>rsyslog-gnutls</code> package can be installed with the following command: <pre> $ sudo d...
    Rule Medium Severity
    Show

  • Ensure rsyslog is Installed

    Rsyslog is installed by default. The rsyslog package can be installed with the following command: 
     $ sudo dnf install rsyslog
    Rule Medium Severity
    Show

  • Enable rsyslog Service

    The <code>rsyslog</code> service provides syslog-style logging by default on Fedora. The <code>rsyslog</code> service can be enabled with the foll...
    Rule Medium Severity
    Show

  • Disable Logwatch on Clients if a Logserver Exists

    Does your site have a central logserver which has been configured to report on logs received from all systems? If so: <pre>$ sudo rm /etc/cron.dail...
    Rule Unknown Severity
    Show

  • Configure Logwatch on the Central Log Server

    Is this system the central log server? If so, edit the file /etc/logwatch/conf/logwatch.conf as shown below.
    Group
    Show

  • Configure Logwatch HostLimit Line

    On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The <co...
    Rule Unknown Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules