Skip to content

Guide to the Secure Configuration of Oracle Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Configure SSSD LDAP Backend Client CA Certificate

    Configure SSSD to implement cryptography to protect the integrity of LDAP remote access sessions. By setting the <pre>ldap_tls_cacert</pre> option ...
    Rule Medium Severity
  • Configure SSSD LDAP Backend Client CA Certificate Location

    Configure SSSD to implement cryptography to protect the integrity of LDAP remote access sessions. By setting the <pre>ldap_tls_cacertdir</pre> opti...
    Rule Medium Severity
  • Configure SSSD LDAP Backend Client to Demand a Valid Certificate from the Server

    Configure SSSD to demand a valid certificate from the server to protect the integrity of LDAP remote access sessions by setting the <pre>ldap_tls_r...
    Rule Medium Severity
  • Configure SSSD LDAP Backend to Use TLS For All Transactions

    The LDAP client should be configured to implement TLS for the integrity of all remote LDAP authentication sessions. If the <code>id_provider</code>...
    Rule High Severity
  • USBGuard daemon

    The USBGuard daemon enforces the USB device authorization policy for all USB devices.
    Group
  • Install usbguard Package

    The usbguard package can be installed with the following command:
    $ sudo yum install usbguard
    Rule Medium Severity
  • Log USBGuard daemon audit events using Linux Audit

    To configure USBGuard daemon to log via Linux Audit (as opposed directly to a file), <code>AuditBackend</code> option in <code>/etc/usbguard/usbgua...
    Rule Low Severity
  • Authorize Human Interface Devices in USBGuard daemon

    To allow authorization of Human Interface Devices (keyboard, mouse) by USBGuard daemon, add the line <code>allow with-interface match-all { 03:*:* ...
    Rule Medium Severity
  • Authorize Human Interface Devices and USB hubs in USBGuard daemon

    To allow authorization of USB devices combining human interface device and hub capabilities by USBGuard daemon, add the line <code>allow with-inter...
    Rule Medium Severity
  • Authorize USB hubs in USBGuard daemon

    To allow authorization of USB hub devices by USBGuard daemon, add line <code>allow with-interface match-all { 09:00:* }</code> to <code>/etc/usbgua...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules