Guide to the Secure Configuration of UnionTech OS Server 20
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Disable SSH Support for User Known Hosts
SSH can allow system users to connect to systems if a cache of the remote systems public keys is available. This should be disabled. <br><br> To e...Rule Medium Severity -
Disable X11 Forwarding
The X11Forwarding parameter provides the ability to tunnel X11 traffic through the connection to enable remote graphic connections. SSH has the cap...Rule Medium Severity -
Remote Login Banner Verbiage
Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\n' character and special characters ...Value -
net.ipv4.icmp_echo_ignore_broadcasts
Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicastValue -
Sudo - timestamp_timeout value
Defines the number of minutes that can elapse before <code>sudo</code> will ask for a passwd again. If set to a value less than 0 the user's time s...Value -
net.ipv4.icmp_ignore_bogus_error_responses
Enable to prevent unnecessary loggingValue -
net.ipv4.tcp_invalid_ratelimit
Configure the maximal rate for sending duplicate acknowledgments in response to incoming invalid TCP packets.Value -
Sudo - umask value
Specify the sudo umask to use. The actual umask value that is used is the union of the user's umask and the sudo umask. The default sudo umask is 0...Value -
net.ipv4.tcp_rfc1337
Enable to enable TCP behavior conformant with RFC 1337Value -
net.ipv4.tcp_syncookies
Enable to turn on TCP SYN Cookie ProtectionValue
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules