Guide to the Secure Configuration of Anolis OS 23
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Ensure auditd Collects Information on the Use of Privileged Commands - shutdown
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Configure auditd Disk Error Action on Disk Error
The <code>auditd</code> service can be configured to take an action when there is a disk error. Edit the file <code>/etc/audit/auditd.conf</code>. Add or modify the following line, substituting <i>...Rule Medium Severity -
Record attempts to alter time through adjtimex
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <cod...Rule Medium Severity -
Record Attempts to Alter Time Through clock_settime
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <cod...Rule Medium Severity -
Record attempts to alter time through settimeofday
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <cod...Rule Medium Severity -
Configure auditd Number of Logs Retained
Determine how many log files <code>auditd</code> should retain when it rotates logs. Edit the file <code>/etc/audit/auditd.conf</code>. Add or modify the following line, substituting <i>NUMLOGS</i>...Rule Medium Severity -
Record Attempts to Alter the localtime File
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <cod...Rule Medium Severity -
Account for auditd to send email when actions occurs
The setting for action_mail_acct in /etc/audit/auditd.confValue -
Action for auditd to take when disk errors
'The setting for disk_error_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in "syslog|single|halt", for remediations the first value will be taken'Value -
Action for auditd to take when disk is full
'The setting for disk_full_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in "syslog|single|halt", for remediations the first value will be taken'Value
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.