Skip to content

Guide to the Secure Configuration of Alibaba Cloud Linux 3

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Record Events that Modify User/Group Information - /etc/passwd

    If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...
    Rule Medium Severity
  • Record Events that Modify User/Group Information - /etc/shadow

    If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...
    Rule Medium Severity
  • zIPL bootloader configuration

    During the boot process, the bootloader is responsible for starting the execution of the kernel and passing options to it. The default Alibaba Clou...
    Group
  • cron_can_relabel SELinux Boolean

    default - Default SELinux boolean setting.
    on - SELinux boolean is enabled.
    off - SELinux boolean is disabled.
    Value
  • System Audit Logs Must Have Mode 0750 or Less Permissive

    If <code>log_group</code> in <code>/etc/audit/auditd.conf</code> is set to a group other than the <code>root</code> group account, change the mode...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules