Skip to content

Guide to the Secure Configuration of Oracle Linux 9

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Enable Kernel Page-Table Isolation (KPTI)

    To enable Kernel page-table isolation, add the argument <code>pti=on</code> to the default GRUB 2 command line for the Linux operating system. To e...
    Rule Low Severity
  • Configure the confidence in TPM for entropy

    The TPM security chip that is available in most modern systems has a hardware RNG. It is also used to feed the entropy pool, but generally not cred...
    Rule Low Severity
  • Disable merging of slabs with similar size

    The kernel may merge similar slabs together to reduce overhead and increase cache hotness of objects. Disabling merging of slabs keeps the slabs se...
    Rule Medium Severity
  • Configure Speculative Store Bypass Mitigation

    Certain CPUs are vulnerable to an exploit against a common wide industry wide performance optimization known as Speculative Store Bypass (SSB). In...
    Rule Medium Severity
  • Enforce Spectre v2 mitigation

    Spectre V2 is an indirect branch poisoning attack that can lead to data leakage. An exploit for Spectre V2 tricks the indirect branch predictor int...
    Rule High Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules