Guide to the Secure Configuration of Oracle Linux 7
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - passwd
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - postdrop
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - umount
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Record attempts to alter time through adjtimex
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <cod...Rule Medium Severity -
Record Attempts to Alter Time Through clock_settime
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <cod...Rule Medium Severity -
Ensure the audispd's remote logging daemon executable is correct
Ensure the executable used by <code>audisp-remote</code> plug-in of the <code>audispd</code> audit event multiplexor is correct. Check that the <code>path</code> directive in <code>/etc/audisp/plug...Rule Medium Severity -
Configure auditd admin_space_left Action on Low Disk Space
The <code>auditd</code> service can be configured to take an action when disk space is running low but prior to running out of space completely. Edit the file <code>/etc/audit/auditd.conf</code>. A...Rule Medium Severity -
Configure auditd max_log_file_action Upon Reaching Maximum Log Size
The default action to take when the logs reach their maximum size is to rotate the log files, discarding the oldest one. To configure the action taken by <code>auditd</code>, add or correct the lin...Rule Medium Severity -
Configure audit according to OSPP requirements
Configure audit to meet requirements for Operating System Protection Profile (OSPP) v4.2.1. Audit defines groups of rules in <code>/usr/share/doc/audit/rules</code> to satisfy specific policies. ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.