Skip to content
Log In

Guide to the Secure Configuration of Anolis OS 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Verify Root Has A Primary GID 0

    The root user should have a primary group of 0.
    Rule High Severity
    Show

  • Ensure that System Accounts Do Not Run a Shell Upon Login

    Some accounts are not associated with a human user of the system, and exist to perform some administrative functions. Should an attacker be able to log into these accounts, they should not be grant...
    Rule Medium Severity
    Show

  • Restrict Serial Port Root Logins

    To restrict root logins on serial ports, ensure lines of this form do not appear in /etc/securetty: 
    ttyS0
ttyS1
    Rule Medium Severity
    Show

  • Restrict Virtual Console Root Logins

    To restrict root logins through the (deprecated) virtual console devices, ensure lines of this form do not appear in /etc/securetty: 
    vc/1
vc/2
vc/3
vc/4
    Rule Medium Severity
    Show

  • Enforce usage of pam_wheel for su authentication

    To ensure that only users who are members of the <code>wheel</code> group can run commands with altered privileges through the <code>su</code> command, make sure that the following line exists in t...
    Rule Medium Severity
    Show

  • net.ipv6.conf.all.accept_source_route

    Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirected.
    Value
    Show

  • Secure Session Configuration Files for Login Accounts

    When a user logs into a Unix account, the system configures the user's session by reading a number of files. Many of these files are located in the user's home directory, and may have weak permissi...
    Group
    Show

  • Maximum login attempts delay

    Maximum time in seconds between fail login attempts before re-prompting.
    Value
    Show

  • Maximum concurrent login sessions

    Maximum number of concurrent sessions by a user
    Value
    Show

  • Account Inactivity Timeout (seconds)

    In an interactive shell, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates after waiting for that number of seconds if input does...
    Value
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules