Skip to content

Guide to the Secure Configuration of Oracle Linux 9

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure that User Home Directories are not Group-Writable or World-Readable

    For each human user of the system, view the permissions of the user's home directory: <pre># ls -ld /home/<i>USER</i></pre> Ensure that the directo...
    Rule Medium Severity
  • Ensure that No Dangerous Directories Exist in Root's Path

    The active path of the root account can be obtained by starting a new root shell and running: <pre># echo $PATH</pre> This will produce a colon-sep...
    Group
  • Ensure that Root's Path Does Not Include World or Group-Writable Directories

    For each element in root's path, run:
    # ls -ld DIR
    and ensure that write permissions are disabled for group and other.
    Rule Medium Severity
  • Ensure that Root's Path Does Not Include Relative Paths or Null Directories

    Ensure that none of the directories in root's path is equal to a single <code>.</code> character, or that it contains any instances that lead to re...
    Rule Unknown Severity
  • Ensure that Users Have Sensible Umask Values

    The umask setting controls the default permissions for the creation of new files. With a default <code>umask</code> setting of 077, files and direc...
    Group
  • Sensible umask

    Enter default user umask
    Value
  • Ensure the Default Bash Umask is Set Correctly

    To ensure the default umask for users of the Bash shell is set properly, add or correct the <code>umask</code> setting in <code>/etc/bashrc</code> ...
    Rule Medium Severity
  • Ensure the Default C Shell Umask is Set Correctly

    To ensure the default umask for users of the C shell is set properly, add or correct the <code>umask</code> setting in <code>/etc/csh.cshrc</code> ...
    Rule Medium Severity
  • Ensure the Default Umask is Set Correctly in login.defs

    To ensure the default umask controlled by <code>/etc/login.defs</code> is set properly, add or correct the <code>UMASK</code> setting in <code>/etc...
    Rule Medium Severity
  • Ensure the Default Umask is Set Correctly in /etc/profile

    To ensure the default umask controlled by <code>/etc/profile</code> is set properly, add or correct the <code>umask</code> setting in <code>/etc/pr...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules