Guide to the Secure Configuration of Oracle Linux 7
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Enable the secadm_exec_content SELinux Boolean
By default, the SELinux boolean <code>secadm_exec_content</code> is enabled. If this setting is disabled, it should be enabled. To enable the <code>secadm_exec_content</code> SELinux boolean, run ...Rule Medium Severity -
Disable the secure_mode SELinux Boolean
By default, the SELinux boolean <code>secure_mode</code> is disabled. If this setting is enabled, it should be disabled. To disable the <code>secure_mode</code> SELinux boolean, run the following ...Rule Medium Severity -
Configure the secure_mode_insmod SELinux Boolean
By default, the SELinux boolean <code>secure_mode_insmod</code> is disabled. This setting should be configured to <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_secure_mode_insmod" us...Rule Medium Severity -
Disable the selinuxuser_execheap SELinux Boolean
By default, the SELinux boolean <code>selinuxuser_execheap</code> is disabled. When enabled this boolean is enabled it allows selinuxusers to execute code from the heap. If this setting is enabled,...Rule Medium Severity -
Enable the selinuxuser_execmod SELinux Boolean
By default, the SELinux boolean <code>selinuxuser_execmod</code> is enabled. If this setting is disabled, it should be enabled. To enable the <code>selinuxuser_execmod</code> SELinux boolean, run ...Rule Medium Severity -
Disable the selinuxuser_execstack SELinux Boolean
By default, the SELinux boolean <code>selinuxuser_execstack</code> is enabled. This setting should be disabled as unconfined executables should not be able to make their stack executable. To disab...Rule Medium Severity -
Disable the selinuxuser_mysql_connect_enabled SELinux Boolean
By default, the SELinux boolean <code>selinuxuser_mysql_connect_enabled</code> is disabled. If this setting is enabled, it should be disabled. To disable the <code>selinuxuser_mysql_connect_enable...Rule Medium Severity -
Enable the selinuxuser_ping SELinux Boolean
By default, the SELinux boolean <code>selinuxuser_ping</code> is enabled. If this setting is disabled, it should be enabled as it allows confined users to use ping and traceroute which is helpful f...Rule Medium Severity -
Disable the selinuxuser_postgresql_connect_enabled SELinux Boolean
By default, the SELinux boolean <code>selinuxuser_postgresql_connect_enabled</code> is disabled. If this setting is enabled, it should be disabled. To disable the <code>selinuxuser_postgresql_conn...Rule Medium Severity -
Disable the selinuxuser_rw_noexattrfile SELinux Boolean
By default, the SELinux boolean <code>selinuxuser_rw_noexattrfile</code> is enabled. This setting should be disabled as users should not be able to read/write files on filesystems that do not have ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.