Skip to content

Guide to the Secure Configuration of Oracle Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure SMEP is not disabled during boot

    The SMEP is used to prevent the supervisor mode from executing user space code, it is enabled by default since Linux kernel 3.0. But it could be di...
    Rule Medium Severity
  • container_connect_any SELinux Boolean

    default - Default SELinux boolean setting.
    on - SELinux boolean is enabled.
    off - SELinux boolean is disabled.
    Value
  • Enable Kernel Page-Table Isolation (KPTI)

    To enable Kernel page-table isolation, add the argument <code>pti=on</code> to the default GRUB 2 command line for the Linux operating system. To e...
    Rule Low Severity
  • Configure the confidence in TPM for entropy

    The TPM security chip that is available in most modern systems has a hardware RNG. It is also used to feed the entropy pool, but generally not cred...
    Rule Low Severity
  • Disable merging of slabs with similar size

    The kernel may merge similar slabs together to reduce overhead and increase cache hotness of objects. Disabling merging of slabs keeps the slabs se...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules