Skip to content
Log In

Guide to the Secure Configuration of Anolis OS 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure /tmp Located On Separate Partition

    The /tmp directory is a world-writable directory used for temporary file storage. Ensure it has its own partition or logical volume at installation time, or migrate it using LVM.
    Rule Low Severity
    Show

  • Ensure /var Located On Separate Partition

    The <code>/var</code> directory is used by daemons and other system services to store frequently-changing data. Ensure that <code>/var</code> has its own partition or logical volume at installation...
    Rule Low Severity
    Show

  • Ensure /var/log Located On Separate Partition

    System logs are stored in the /var/log directory. Ensure that /var/log has its own partition or logical volume at installation time, or migrate it using LVM.
    Rule Low Severity
    Show

  • Ensure /var/log/audit Located On Separate Partition

    Audit logs are stored in the <code>/var/log/audit</code> directory. Ensure that <code>/var/log/audit</code> has its own partition or logical volume at installation time, or migrate it using LVM. M...
    Rule Low Severity
    Show

  • GNOME Desktop Environment

    GNOME is a graphical desktop environment bundled with many Linux distributions that allow users to easily interact with the operating system graphically rather than textually. The GNOME Graphical D...
    Group
    Show

  • Configure GNOME Screen Locking

    In the default GNOME3 desktop, the screen can be locked by selecting the user name in the far right corner of the main panel and selecting <b>Lock</b>. <br> <br> The following sections deta...
    Group
    Show

  • Screensaver Inactivity timeout

    Choose allowed duration (in seconds) of inactive graphical sessions
    Value
    Show

  • Screensaver Lock Delay

    Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication prompt
    Value
    Show

  • Sudo

    <code>Sudo</code>, which stands for "su 'do'", provides the ability to delegate authority to certain users, groups of users, or system administrators. When configured for system users and/or groups...
    Group
    Show

  • Sudo - logfile value

    Specify the sudo logfile to use. The default value used here matches the example location from CIS, which uses /var/log/sudo.log.
    Value
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules