Guide to the Secure Configuration of Debian 12
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Verify Permissions On /etc/chrony.keys File
To properly set the permissions of/etc/chrony.keys, run the command:$ sudo chmod 0600 /etc/chrony.keys
Rule Medium Severity -
Obsolete Services
This section discusses a number of network-visible services which have historically caused problems for system security, and for which disabling or...Group -
Uninstall xinetd Package
Thexinetdpackage can be removed with the following command:$ apt-get remove xinetd
Rule Low Severity -
Remove NIS Client
The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server directory service protocol used to distribute system conf...Rule Unknown Severity -
Uninstall ypserv Package
Theypservpackage can be removed with the following command:$ apt-get remove ypserv
Rule High Severity -
Uninstall rsh-server Package
Thersh-serverpackage can be removed with the following command:$ apt-get remove rsh-server
Rule High Severity -
Uninstall rsh Package
Thershpackage contains the client commands for the rsh servicesRule Unknown Severity -
Remove Rsh Trust Files
The files <code>/etc/hosts.equiv</code> and <code>~/.rhosts</code> (in each user's home directory) list remote hosts and users that are trusted by ...Rule High Severity -
Uninstall talk-server Package
Thetalk-serverpackage can be removed with the following command:$ apt-get remove talk-server
Rule Medium Severity -
Uninstall talk Package
The <code>talk</code> package contains the client program for the Internet talk protocol, which allows the user to chat with other users on differe...Rule Medium Severity -
Uninstall telnet-server Package
Thetelnet-serverpackage can be removed with the following command:$ apt-get remove telnet-server
Rule High Severity -
Remove telnet Clients
The telnet client allows users to start connections to other systems via the telnet protocol.Rule Low Severity -
Uninstall tftp-server Package
Thetftp-serverpackage can be removed with the following command:$ apt-get remove tftp-server
Rule High Severity -
Remove tftp Daemon
Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol, typically used to automatically transfer configuration or boot files betw...Rule Low Severity -
Uninstall net-snmp Package
The <code>snmp</code> package provides the snmpd service. The <code>snmp</code> package can be removed with the following command: <pre> $ apt-get...Rule Unknown Severity -
Configure SNMP Server if Necessary
If it is necessary to run the snmpd agent on the system, some best practices should be followed to minimize the security risk from the installation...Group -
SSH is required to be installed
Specify if the Policy requires SSH to be installed. Used by SSH Rules to determine if SSH should be uninstalled or configured.<br> A value of 0 mea...Value -
Install the OpenSSH Server Package
The <code>openssh-server</code> package should be installed. The <code>openssh-server</code> package can be installed with the following command: <...Rule Medium Severity -
Remove the OpenSSH Server Package
The <code>openssh-server</code> package should be removed. The <code>openssh-server</code> package can be removed with the following command: <pre>...Rule Medium Severity -
Verify Group Who Owns SSH Server config file
To properly set the group owner of/etc/ssh/sshd_config, run the command:$ sudo chgrp root /etc/ssh/sshd_config
Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.