Skip to content

Guide to the Secure Configuration of Oracle Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly

    The audit system should collect detailed unauthorized file accesses for all users and root. To correctly identify unsuccessful creation, unsuccessf...
    Rule Medium Severity
  • Record Unsuccessful Creation Attempts to Files - open O_CREAT

    The audit system should collect unauthorized file accesses for all users and root. The <code>open</code> syscall can be used to create new files wh...
    Rule Medium Severity
  • Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE

    The audit system should collect detailed unauthorized file accesses for all users and root. The <code>open</code> syscall can be used to modify fil...
    Rule Medium Severity
  • Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly

    The audit system should collect detailed unauthorized file accesses for all users and root. To correctly identify unsuccessful creation, unsuccessf...
    Rule Medium Severity
  • cobbler_use_cifs SELinux Boolean

    default - Default SELinux boolean setting.
    on - SELinux boolean is enabled.
    off - SELinux boolean is disabled.
    Value
  • Record Unsuccessful Access Attempts to Files - openat

    At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to...
    Rule Medium Severity
  • Record Unsuccessful Creation Attempts to Files - openat O_CREAT

    The audit system should collect unauthorized file accesses for all users and root. The <code>openat</code> syscall can be used to create new files ...
    Rule Medium Severity
  • Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE

    The audit system should collect detailed unauthorized file accesses for all users and root. The <code>openat</code> syscall can be used to modify f...
    Rule Medium Severity
  • Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly

    The audit system should collect detailed unauthorized file accesses for all users and root. To correctly identify unsuccessful creation, unsuccessf...
    Rule Medium Severity
  • Record Unsuccessful Permission Changes to Files - removexattr

    The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configure...
    Rule Medium Severity
  • Record Unsuccessful Delete Attempts to Files - rename

    The audit system should collect unsuccessful file deletion attempts for all users and root. If the <code>auditd</code> daemon is configured to use ...
    Rule Medium Severity
  • Record Unsuccessful Delete Attempts to Files - renameat

    The audit system should collect unsuccessful file deletion attempts for all users and root. If the <code>auditd</code> daemon is configured to use...
    Rule Medium Severity
  • Record Unsuccessful Permission Changes to Files - setxattr

    The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configure...
    Rule Medium Severity
  • Appropriate Action Must be Setup When the Internal Audit Event Queue is Full

    The audit system should have an action setup in the event the internal event queue becomes full. To setup an overflow action edit <code>/etc/audit/...
    Rule Medium Severity
  • Record Unsuccessful Access Attempts to Files - truncate

    At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to...
    Rule Medium Severity
  • Record Unsuccessful Delete Attempts to Files - unlink

    The audit system should collect unsuccessful file deletion attempts for all users and root. If the <code>auditd</code> daemon is configured to use...
    Rule Medium Severity
  • Record Unsuccessful Delete Attempts to Files - unlinkat

    The audit system should collect unsuccessful file deletion attempts for all users and root. If the <code>auditd</code> daemon is configured to use...
    Rule Medium Severity
  • Record Information on Kernel Modules Loading and Unloading

    To capture kernel module loading and unloading events, use following lines, setting ARCH to either b32 for 32-bit system, or having two lines for b...
    Group
  • cobbler_use_nfs SELinux Boolean

    default - Default SELinux boolean setting.
    on - SELinux boolean is enabled.
    off - SELinux boolean is disabled.
    Value
  • Ensure auditd Collects Information on Kernel Module Unloading - delete_module

    To capture kernel module unloading events, use following line, setting ARCH to either b32 for 32-bit system, or having two lines for both b32 and b...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules