Guide to the Secure Configuration of Alibaba Cloud Linux 3
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Ensure System Log Files Have Correct Permissions
The file permissions for all log files written by <code>rsyslog</code> should be set to 640, or more restrictive. These log files are determined by the second part of each Rule line in <code>/etc/r...Rule Medium Severity -
systemd-journald
systemd-journald is a system service that collects and stores logging data. It creates and maintains structured, indexed journals based on logging information that is received from a variety of sou...Group -
Enable rsyslog to Accept Messages via UDP, if Acting As Log Server
The <code>rsyslog</code> daemon should not accept remote messages unless the system acts as a log server. If the system needs to act as a central log server, add the following lines to <code>/etc/r...Rule Unknown Severity -
Verify firewalld Enabled
Thefirewalldservice can be enabled with the following command:$ sudo systemctl enable firewalld.service
Rule Medium Severity -
Ensure logrotate is Installed
logrotate is installed by default. Thelogrotatepackage can be installed with the following command:$ sudo yum install logrotate
Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules