Guide to the Secure Configuration of Debian 12
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Disable SSH Server If Possible
The SSH server service, sshd, is commonly needed. However, if it can be disabled, do so. This is unusual, as SSH is a common method for encrypted ...Rule High Severity -
Verify Group Ownership on SSH Server Private *_key Key Files
SSH server private keys, files that match the/etc/ssh/*_keyglob, must be group-owned byrootgroup.Rule Medium Severity -
Verify Group Ownership on SSH Server Public *.pub Key Files
SSH server public keys, files that match the/etc/ssh/*.pubglob, must be group-owned byrootgroup.Rule Medium Severity -
Specify module signing key to use
Setting this option to something other than its default of <code>certs/signing_key.pem</code> will disable the autogeneration of signing keys and a...Rule Medium Severity -
Sign kernel modules with SHA-512
This configures the kernel to build and sign modules using SHA512 as the hash function. The configuration that was used to build kernel is availab...Rule Medium Severity -
Enable poison without sanity check
Skip the sanity checking on alloc, only fill the pages with poison on free. This reduces some of the overhead of the poisoning feature. This config...Rule Medium Severity -
Verify Ownership on SSH Server Private *_key Key Files
SSH server private keys, files that match the/etc/ssh/*_keyglob, must be owned byrootuser.Rule Medium Severity -
Use zero for poisoning instead of debugging value
Instead of using the existing poison value, fill the pages with zeros. This makes it harder to detect when errors are occurring due to sanitization...Rule Medium Severity -
Remove the kernel mapping in user mode
This feature reduces the number of hardware side channels by ensuring that the majority of kernel addresses are not mapped into userspace. This con...Rule High Severity -
Verify Ownership on SSH Server Public *.pub Key Files
SSH server public keys, files that match the/etc/ssh/*.pubglob, must be owned byrootuser.Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules