Skip to content

Guide to the Secure Configuration of Oracle Linux 9

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Add nodev Option to Non-Root Local Partitions

    The <code>nodev</code> mount option prevents files from being interpreted as character or block devices. Legitimate character and block devices sho...
    Rule Medium Severity
  • Add nodev Option to Removable Media Partitions

    The <code>nodev</code> mount option prevents files from being interpreted as character or block devices. Legitimate character and block devices sho...
    Rule Medium Severity
  • Add noexec Option to Removable Media Partitions

    The <code>noexec</code> mount option prevents the direct execution of binaries on the mounted filesystem. Preventing the direct execution of binari...
    Rule Medium Severity
  • Add nosuid Option to Removable Media Partitions

    The <code>nosuid</code> mount option prevents set-user-identifier (SUID) and set-group-identifier (SGID) permissions from taking effect. These perm...
    Rule Medium Severity
  • Restrict Access to Kernel Message Buffer

    To set the runtime status of the <code>kernel.dmesg_restrict</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.dmesg...
    Rule Low Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules