Skip to content

Guide to the Secure Configuration of Oracle Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Minimize Software to Minimize Vulnerability

    The simplest way to avoid vulnerabilities in software is to avoid installing that software. On Oracle Linux 8,the RPM Package Manager (originally R...
    Group
  • Run Different Network Services on Separate Systems

    Whenever possible, a server should be dedicated to serving exactly one network service. This limits the number of other services that can be compro...
    Group
  • Configure Security Tools to Improve System Robustness

    Several tools exist which can be effectively used to improve a system's resistance to and detection of unknown attacks. These tools can improve rob...
    Group
  • How to Use This Guide

    Readers should heed the following points when using the guide.
    Group
  • Formatting Conventions

    Commands intended for shell execution, as well as configuration file text, are featured in a <code>monospace font</code>. <i>Italics</i> are used t...
    Group
  • Read Sections Completely and in Order

    Each section may build on information and recommendations discussed in prior sections. Each section should be read and understood completely; instr...
    Group
  • Reboot Required

    A system reboot is implicitly required after some actions in order to complete the reconfiguration of the system. In many cases, the changes will n...
    Group
  • Root Shell Environment Assumed

    Most of the actions listed in this document are written with the assumption that they will be executed by the root user running the <code>/bin/bash...
    Group
  • Test in Non-Production Environment

    This guidance should always be tested in a non-production environment before deployment. This test environment should simulate the setup in which t...
    Group
  • System Must Avoid Meltdown and Spectre Exploit Vulnerabilities in Modern Processors

    Verify that Meltdown mitigations are not disabled:
    $ sudo grubby --info=ALL | grep mitigations
    The mitigations must not be set to "off".
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules