Skip to content
Log In

Guide to the Secure Configuration of Oracle Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • System and Software Integrity

    System and software integrity can be gained by installing antivirus, increasing system encryption strength with FIPS, verifying installed software, enabling SELinux, installing an Intrusion Prevent...
    Group
    Show

  • System Settings

    Contains rules that check correct system settings.
    Group
    Show

  • Installing and Maintaining Software

    The following sections contain information on security-relevant choices during the initial operating system installation process and the setup of software updates.
    Group
    Show

  • Prefer to use a 64-bit Operating System when supported

    Prefer installation of 64-bit operating systems when the CPU supports it.
    Rule Medium Severity
    Show

  • Software Integrity Checking

    Both the AIDE (Advanced Intrusion Detection Environment) software and the RPM package management system provide mechanisms for verifying the integrity of installed software. AIDE uses snapshots of ...
    Group
    Show

  • Integrity Scan Notification Email Address

    Specify the email address for designated personnel if baseline configurations are changed in an unauthorized manner.
    Value
    Show

  • Verify Integrity with RPM

    The RPM package management system includes the ability to verify the integrity of installed packages by comparing the installed files with information about the files taken from the package metadat...
    Group
    Show

  • Disable ATM Support

    The Asynchronous Transfer Mode (ATM) is a protocol operating on network, data link, and physical layers, based on virtual circuits and virtual paths. To configure the system to prevent the <code>a...
    Rule Medium Severity
    Show

  • Verify Permissions on /etc/audit/auditd.conf

    To properly set the permissions of /etc/audit/auditd.conf, run the command: 
    $ sudo chmod 0640 /etc/audit/auditd.conf
    Rule Medium Severity
    Show

  • Verify Permissions On /etc/crypttab File

    To properly set the permissions of /etc/crypttab, run the command: 
    $ sudo chmod 0600 /etc/crypttab
    Rule Medium Severity
    Show

  • Ensure All Files Are Owned by a User

    If any files are not owned by a user, then the cause of their lack of ownership should be investigated. Following this, the files should be deleted or assigned to an appropriate user. Locate the m...
    Rule Medium Severity
    Show

  • Enable Kernel Parameter to Enforce DAC on Hardlinks

    To set the runtime status of the <code>fs.protected_hardlinks</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w fs.protected_hardlinks=1</pre> To make sure that the setting ...
    Rule Medium Severity
    Show

  • Enable Kernel Parameter to Enforce DAC on Symlinks

    To set the runtime status of the <code>fs.protected_symlinks</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w fs.protected_symlinks=1</pre> To make sure that the setting is...
    Rule Medium Severity
    Show

  • Verify Group Who Owns /etc/shells File

    To properly set the group owner of /etc/shells, run the command: 
    $ sudo chgrp root /etc/shells
    Rule Medium Severity
    Show

  • Verify User Who Owns shadow File

    To properly set the owner of /etc/shadow, run the command: 
    $ sudo chown root /etc/shadow
    Rule Medium Severity
    Show

  • Verify Who Owns /etc/shells File

    To properly set the owner of /etc/shells, run the command: 
    $ sudo chown root /etc/shells
    Rule Medium Severity
    Show

  • Verify Permissions on /etc/shells File

    To properly set the permissions of /etc/shells, run the command: 
    $ sudo chmod 0644 /etc/shells
    Rule Medium Severity
    Show

  • Verify User Who Owns /var/log/syslog File

    To properly set the owner of /var/log/syslog, run the command: 
    $ sudo chown syslog /var/log/syslog
    Rule Medium Severity
    Show

  • Verify that Shared Library Directories Have Root Group Ownership

    System-wide shared library files, which are linked to executables during process load time or run time, are stored in the following directories by default: <pre>/lib /lib64 /usr/lib /usr/lib64 </pr...
    Rule Medium Severity
    Show

  • Verify that Shared Library Directories Have Restrictive Permissions

    System-wide shared library directories, which contain are linked to executables during process load time or run time, are stored in the following directories by default: <pre>/lib /lib64 /usr/lib /...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules