Guide to the Secure Configuration of Oracle Linux 7
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Disable Ctrl-Alt-Del Reboot Activation
By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code> key sequence is pressed. <br><br> To configure the system ...Rule High Severity -
Set Password Hashing Algorithm in /etc/libuser.conf
In <code>/etc/libuser.conf</code>, add or correct the following line in its <code>[defaults]</code> section to ensure the system will use the SHA-5...Rule Medium Severity -
Set Password Hashing Algorithm in /etc/login.defs
In <code>/etc/login.defs</code>, add or correct the following line to ensure the system will use <xccdf-1.2:sub idref="xccdf_org.ssgproject.content...Rule Medium Severity -
Set PAM''s Password Hashing Algorithm - password-auth
The PAM system service can be configured to only store encrypted representations of passwords. In <code>/etc/pam.d/password-auth</code>, the <code>...Rule Medium Severity -
Set PAM''s Password Hashing Algorithm
The PAM system service can be configured to only store encrypted representations of passwords. In "/etc/pam.d/system-auth", the <code>password</cod...Rule Medium Severity -
Protect Physical Console Access
It is impossible to fully protect a system from an attacker with physical access, so securing the space in which the system is located should be co...Group -
Login timeout for idle sessions
Specify duration of allowed idle time.Value -
Disable debug-shell SystemD Service
SystemD's <code>debug-shell</code> service is intended to diagnose SystemD related boot issues with various <code>systemctl</code> commands. Once e...Rule Medium Severity -
Disable Ctrl-Alt-Del Burst Action
By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code> key sequence is pressed Ctrl-Alt-Delete more than 7 times ...Rule High Severity -
Verify that Interactive Boot is Disabled
Oracle Linux 7 systems support an "interactive boot" option that can be used to prevent services from being started. On a Oracle Linux 7 system, in...Rule Medium Severity -
Require Authentication for Emergency Systemd Target
Emergency mode is intended as a system recovery method, providing a single user root access to the system during a failed boot sequence. <br><br> B...Rule Medium Severity -
Require Authentication for Single User Mode
Single-user mode is intended as a system recovery method, providing a single user root access to the system by providing a boot option at startup. ...Rule Medium Severity -
Configure Screen Locking
When a user must temporarily leave an account logged-in, screen locking should be employed to prevent passersby from abusing the account. User educ...Group -
Configure Console Screen Locking
A console screen locking mechanism is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the in...Group -
Install the screen Package
To enable console screen locking, install the <code>screen</code> package. The <code>screen</code> package can be installed with the following comm...Rule Medium Severity -
Hardware Tokens for Authentication
The use of hardware tokens such as smart cards for system login provides stronger, two-factor authentication than using a username and password. I...Group -
OpenSC Smart Card Drivers
Choose the Smart Card Driver in use by your organization. <br>For DoD, choose the <code>cac</code> driver. <br>If your driver is not listed and you...Value -
Install the opensc Package For Multifactor Authentication
Theopenscpackage can be installed with the following command:$ sudo yum install opensc
Rule Medium Severity -
Install the pcsc-lite package
Thepcsc-litepackage can be installed with the following command:$ sudo yum install pcsc-lite
Rule Medium Severity -
Ensure there are no legacy + NIS entries in /etc/passwd
The <code>+</code> character in <code>/etc/passwd</code> file marks a place where entries from a network information service (NIS) should be direct...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.