Oracle Linux 8 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
OL 8 must disable the chrony daemon from acting as a server.
<VulnDiscussion>Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the cor...Rule Low Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
OL 8 must disable network management of the chrony daemon.
<VulnDiscussion>Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the cor...Rule Low Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
OL 8 must not have the telnet-server package installed.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule High Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
OL 8 must not have any automated bug reporting tools installed.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
OL 8 must not have the sendmail package installed.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
OL 8 must enable mitigations against processor-based vulnerabilities.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Low Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
OL 8 must not have the rsh-server package installed.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule High Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
OL 8 must cover or disable the built-in or attached camera when not in use.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
OL 8 must not have the asynchronous transfer mode (ATM) kernel module installed if not required for operational support.
<VulnDiscussion>The ATM is a transport layer protocol designed for digital transmission of multiple types of traffic, including telephony (v...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
OL 8 must not have the Controller Area Network (CAN) kernel module installed if not required for operational support.
<VulnDiscussion>The CAN protocol is a robust vehicle bus standard designed to allow microcontrollers and devices to communicate with each oth...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.