Skip to content
Log In

Guide to the Secure Configuration of Oracle Linux 9

Rules, Groups, and Values defined within the XCCDF Benchmark

  • number of days after a password expires until the account is permanently disabled

    The number of days to wait after a password expires, until the account will be permanently disabled.
    Value
    Show

  • Sudo - umask value

    Specify the sudo umask to use. The actual umask value that is used is the union of the user's umask and the sudo umask. The default sudo umask is 0022. This guarantess sudo never lowers the umask w...
    Value
    Show

  • Remote Login Banner Verbiage

    Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\n' character and special characters like parentheses and quotation marks must be escap...
    Value
    Show

  • Account Inactivity Timeout (seconds)

    In an interactive shell, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates after waiting for that number of seconds if input does...
    Value
    Show

  • Interactive users initialization files

    'A regular expression describing a list of file names for files that are sourced at login time for interactive users'
    Value
    Show

  • Verify Integrity with AIDE

    AIDE conducts integrity checks by comparing information about files with previously-gathered information. Ideally, the AIDE database is created immediately after initial system configuration, and t...
    Group
    Show

  • Install AIDE

    The aide package can be installed with the following command: 
    $ sudo yum install aide
    Rule Medium Severity
    Show

  • Build and Test AIDE Database

    Run the following command to generate a new database: <pre>$ sudo /usr/sbin/aide --init</pre> By default, the database will be written to the file <code>/var/lib/aide/aide.db.new.gz</code>. Sto...
    Rule Medium Severity
    Show

  • Configure AIDE to Verify the Audit Tools

    The operating system file integrity tool must be configured to protect the integrity of the audit tools.
    Rule Medium Severity
    Show

  • Configure Notification of Post-AIDE Scan Details

    AIDE should notify appropriate personnel of the details of a scan after the scan has been run. If AIDE has already been configured for periodic execution in <code>/etc/crontab</code>, append the fo...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules