Skip to content

Guide to the Secure Configuration of Oracle Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure sudo Runs In A Minimal Environment - sudo env_reset

    The sudo <code>env_reset</code> tag, when specified, will run the command in a minimal environment, containing the TERM, PATH, HOME, MAIL, SHELL, L...
    Rule Medium Severity
  • Ensure sudo Ignores Commands In Current Dir - sudo ignore_dot

    The sudo <code>ignore_dot</code> tag, when specified, will ignore the current directory in the PATH environment variable. This should be enabled by...
    Rule Medium Severity
  • Ensure Privileged Escalated Commands Cannot Execute Other Commands - sudo NOEXEC

    The sudo <code>NOEXEC</code> tag, when specified, prevents user executed commands from executing other commands, like a shell for example. This sho...
    Rule High Severity
  • Ensure sudo passwd_timeout is appropriate - sudo passwd_timeout

    The sudo <code>passwd_timeout</code> tag sets the amount of time sudo password prompt waits. The passwd_timeout should be configured by making sure...
    Rule Medium Severity
  • Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo requiretty

    The sudo <code>requiretty</code> tag, when specified, will only execute sudo commands from users logged in to a real tty. This should be enabled by...
    Rule Medium Severity
  • Ensure sudo umask is appropriate - sudo umask

    The sudo <code>umask</code> tag, when specified, will be added the to the user's umask in the command environment. The umask should be configured b...
    Rule Medium Severity
  • Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty

    The sudo <code>use_pty</code> tag, when specified, will only execute sudo commands from users logged in to a real tty. This should be enabled by ma...
    Rule Medium Severity
  • Ensure Sudo Logfile Exists - sudo logfile

    A custom log sudo file can be configured with the 'logfile' tag. This rule configures a sudo custom logfile at the default location suggested by CI...
    Rule Low Severity
  • Ensure a dedicated group owns sudo

    Restrict the execution of privilege escalated commands to a dedicated group of users. Ensure the group owner of /usr/bin/sudo is <xccdf-1.2:sub xml...
    Rule Medium Severity
  • Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate

    The sudo <code>!authenticate</code> option, when specified, allows a user to execute commands using sudo without having to authenticate. This shoul...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules