Guide to the Secure Configuration of Anolis OS 8
Rules, Groups, and Values defined within the XCCDF Benchmark
-
NetoworkManager DNS Mode
This sets how NetworkManager handles DNS. none - NetworkManager will not modify resolv.conf. default - NetworkManager will update /etc/resolv.con...Value -
Disable mutable hooks
Ensure kernel structures associated with LSMs are always mapped as read-only after system boot. The configuration that was used to build kernel is...Rule Medium Severity -
Ensure Log Files Are Owned By Appropriate Group
The group-owner of all log files written by <code>rsyslog</code> should be <code>root</code>. These log files are determined by the second part of ...Rule Medium Severity -
Verify File Hashes with RPM
Without cryptographic integrity protections, system executables and files can be altered by unauthorized users without detection. The RPM package m...Rule High Severity -
Verify and Correct File Permissions with RPM
The RPM package management system can check file access permissions of installed software packages, including many that are important to system sec...Rule High Severity -
Ensure /dev/shm is configured
The <code>/dev/shm</code> is a traditional shared memory concept. One program will create a memory portion, which other processes (if permitted) ca...Rule Low Severity -
Ensure PAM Displays Last Logon/Access Notification
To configure the system to notify users of last logon/access using <code>pam_lastlog</code>, add or correct the <code>pam_lastlog</code> settings i...Rule Low Severity -
Set Interactive Session Timeout
Setting the <code>TMOUT</code> option in <code>/etc/profile</code> ensures that all user sessions will terminate based on inactivity. The value of ...Rule Medium Severity -
Ensure auditd Collects Information on Kernel Module Loading and Unloading
To capture kernel module loading and unloading events, use following lines, setting ARCH to either b32 for 32-bit system, or having two lines for b...Rule Medium Severity -
Type of hostname to record the audit event
Type of hostname to record the audit eventValue
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules