Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Oracle Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Log and Drop Packets with Suspicious Source Addresses

    Packets with non-routable source addresses should be rejected, as they may indicate spoofing. Because the modified policy will reject non-matching ...
    Group
    Show

  • IPv6

    The system includes support for Internet Protocol version 6. A major and often-mentioned improvement over IPv4 is its enormous increase in the numb...
    Group
    Show

  • Disable Support for IPv6 Unless Needed

    Despite configuration that suggests support for IPv6 has been disabled, link-local IPv6 address auto-configuration occurs even when only an IPv4 ad...
    Group
    Show

  • Ensure IPv6 is disabled through kernel boot parameter

    To disable IPv6 protocol support in the Linux kernel, add the argument <code>ipv6.disable=1</code> to the default GRUB2 command line for the Linux ...
    Rule Low Severity
    Show

  • Disable IPv6 Networking Support Automatic Loading

    To prevent the IPv6 kernel module (<code>ipv6</code>) from binding to the IPv6 networking stack, add the following line to <code>/etc/modprobe.d/di...
    Rule Medium Severity
    Show

  • Disable Support for RPC IPv6

    RPC services for NFSv4 try to load transport modules for <code>udp6</code> and <code>tcp6</code> by default, even if IPv6 has been disabled in <cod...
    Rule Unknown Severity
    Show

  • Verify Group Who Owns Backup shadow File

    To properly set the owner of /etc/shadow-, run the command: 
    $ sudo chown root /etc/shadow-
    Rule Medium Severity
    Show

  • Use Privacy Extensions for Address

    To introduce randomness into the automatic generation of IPv6 addresses, add or correct the following line in <code>/etc/sysconfig/network-scripts/...
    Rule Unknown Severity
    Show

  • Manually Assign Global IPv6 Address

    To manually assign an IP address for an interface, edit the file <code>/etc/sysconfig/network-scripts/ifcfg-<i>interface</i></code>. Add or correct...
    Rule Unknown Severity
    Show

  • Disable IPv6 Addressing on IPv6 Interfaces by Default

    To disable support for (<code>ipv6</code>) addressing on interfaces by default add the following line to <code>/etc/sysctl.d/ipv6.conf</code> (or a...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules