Oracle Linux 7 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Oracle Linux operating system must not have the ypserv package installed.
<VulnDiscussion>Removing the "ypserv" package decreases the risk of the accidental (or intentional) activation of NIS or NIS+ services.</V...Rule High Severity -
SRG-OS-000191-GPOS-00080
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool.
<VulnDiscussion>Adding endpoint security tools can provide the capability to take actions automatically in response to malicious behavior, wh...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
<VulnDiscussion>Preventing nonprivileged users from executing privileged functions mitigates the risk that unauthorized individuals or proces...Rule Medium Severity -
SRG-OS-000363-GPOS-00150
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system must be configured so that a file integrity tool verifies the baseline operating system configuration at least weekly.
<VulnDiscussion>Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized ...Rule Medium Severity -
SRG-OS-000363-GPOS-00150
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system must be configured so that designated personnel are notified if baseline configurations are changed in an unauthorized manner.
<VulnDiscussion>Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized ...Rule Medium Severity -
SRG-OS-000366-GPOS-00153
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system must confine SELinux users to roles that conform to least privilege.
<VulnDiscussion>Preventing nonprivileged users from executing privileged functions mitigates the risk that unauthorized individuals or proces...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system must not allow privileged accounts to utilize SSH.
<VulnDiscussion>Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or proce...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system must elevate the SELinux context when an administrator calls the sudo command.
<VulnDiscussion>Preventing nonprivileged users from executing privileged functions mitigates the risk that unauthorized individuals or proces...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system must not have accounts configured with blank or null passwords.
<VulnDiscussion>If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with ...Rule High Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system must specify the default "include" directory for the /etc/sudoers file.
<VulnDiscussion>The "sudo" command allows authorized users to run programs (including shells) as other users, system users, and root. The "/e...Rule Medium Severity -
SRG-OS-000373-GPOS-00156
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.