Guide to the Secure Configuration of Alibaba Cloud Linux 3
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Maximum concurrent login sessions
Maximum number of concurrent sessions by a userValue -
Account Inactivity Timeout (seconds)
In an interactive shell, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates after waiting for that number of seconds if input does...Value -
Ensure the Logon Failure Delay is Set Correctly in login.defs
To ensure the logon failure delay controlled by <code>/etc/login.defs</code> is set properly, add or correct the <code>FAIL_DELAY</code> setting in <code>/etc/login.defs</code> to read as follows: ...Rule Medium Severity -
Configure Polyinstantiation of /tmp Directories
To configure polyinstantiated /tmp directories, first create the parent directories which will hold the polyinstantiation child directories. Use the following command: <pre>$ sudo mkdir --mode 000 ...Rule Low Severity -
Configure Polyinstantiation of /var/tmp Directories
To configure polyinstantiated /tmp directories, first create the parent directories which will hold the polyinstantiation child directories. Use the following command: <pre>$ sudo mkdir --mode 000 ...Rule Low Severity -
Ensure the audit Subsystem is Installed
The audit package should be installed.Rule Medium Severity -
System Accounting with auditd
The audit service provides substantial capabilities for recording system activities. By default, the service audits about SELinux AVC denials and certain types of security-relevant events such as s...Group -
Record Unauthorized Access Attempts Events to Files (unsuccessful)
At a minimum, the audit system should collect unauthorized file accesses for all users and root. Note that the "-F arch=b32" lines should be present even on a 64 bit system. These commands identify...Group -
Action for auditd to take when disk is full
'The setting for disk_full_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in "syslog|single|halt", for remediations the first value will be taken'Value -
Number of Record to Retain Before Flushing to Disk
The setting for freq in /etc/audit/auditd.confValue
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.