Guide to the Secure Configuration of Anolis OS 8
Rules, Groups, and Values defined within the XCCDF Benchmark
-
McAfee Host-Based Intrusion Detection Software (HBSS)
McAfee Host-based Security System (HBSS) is a suite of software applications used to monitor, detect, and defend computer networks and systems.Group -
Install the Host Intrusion Prevention System (HIPS) Module
Install the McAfee Host Intrusion Prevention System (HIPS) Module if it is absolutely necessary. If SELinux is enabled, do not install or enable th...Rule Medium Severity -
Configure Screen Locking
When a user must temporarily leave an account logged-in, screen locking should be employed to prevent passersby from abusing the account. User educ...Group -
Disk Partitioning
To ensure separation and protection of data, there are top-level system directories which should be placed on their own physical partition or logic...Group -
Ensure /home Located On Separate Partition
If user home directories will be stored locally, create a separate partition for <code>/home</code> at installation time (or migrate it later using...Rule Low Severity -
Ensure /srv Located On Separate Partition
If a file server (FTP, TFTP...) is hosted locally, create a separate partition for <code>/srv</code> at installation time (or migrate it later usin...Rule Unknown Severity -
Ensure /tmp Located On Separate Partition
The <code>/tmp</code> directory is a world-writable directory used for temporary file storage. Ensure it has its own partition or logical volume at...Rule Low Severity -
Ensure /var Located On Separate Partition
The <code>/var</code> directory is used by daemons and other system services to store frequently-changing data. Ensure that <code>/var</code> has i...Rule Low Severity -
Ensure /var/log Located On Separate Partition
System logs are stored in the <code>/var/log</code> directory. Ensure that <code>/var/log</code> has its own partition or logical volume at instal...Rule Low Severity -
Ensure /var/log/audit Located On Separate Partition
Audit logs are stored in the <code>/var/log/audit</code> directory. Ensure that <code>/var/log/audit</code> has its own partition or logical volum...Rule Low Severity -
GNOME Desktop Environment
GNOME is a graphical desktop environment bundled with many Linux distributions that allow users to easily interact with the operating system graphi...Group -
OpenSC Smart Card Drivers
Choose the Smart Card Driver in use by your organization. <br>For DoD, choose the <code>cac</code> driver. <br>If your driver is not listed and you...Value -
Configure GNOME Login Screen
In the default GNOME desktop, the login is displayed after system boot and can display user accounts, allow users to reboot the system, and allow u...Group -
Disable XDMCP in GDM
XDMCP is an unencrypted protocol, and therefore, presents a security risk, see e.g. <a href="https://help.gnome.org/admin/gdm/stable/security.html....Rule High Severity -
GNOME Media Settings
GNOME media settings that apply to the graphical interface.Group -
GNOME Network Settings
GNOME network settings that apply to the graphical interface.Group -
GNOME Remote Access Settings
GNOME remote access settings that apply to the graphical interface.Group -
Configure GNOME Screen Locking
In the default GNOME3 desktop, the screen can be locked by selecting the user name in the far right corner of the main panel and selecting <b>Lock<...Group -
Screensaver Inactivity timeout
Choose allowed duration (in seconds) of inactive graphical sessionsValue -
Screensaver Lock Delay
Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication promptValue
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.