Guide to the Secure Configuration of Debian 12
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Enable Encrypted X11 Forwarding
By default, remote X11 connections are not encrypted when initiated by users. SSH has the capability to encrypt remote X11 connections when SSH's <...Rule High Severity -
Enable SSH Print Last Log
Ensure that SSH will display the date and time of the last successful account logon. <br> The default SSH configuration enables print of the date a...Rule Medium Severity -
Force frequent session key renegotiation
The <code>RekeyLimit</code> parameter specifies how often the session key of the is renegotiated, both in terms of amount of data that may be trans...Rule Medium Severity -
Ensure SSH MaxStartups is configured
The MaxStartups parameter specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be ...Rule Medium Severity -
Enable Use of Privilege Separation
When enabled, SSH will create an unprivileged child process that has the privilege of the authenticated user. To enable privilege separation in SSH...Rule Medium Severity -
System Accounting with auditd
The audit service provides substantial capabilities for recording system activities. By default, the service audits about SELinux AVC denials and c...Group -
Ensure the audit Subsystem is Installed
The audit package should be installed.Rule Medium Severity -
Configure auditd Data Retention
The audit system writes data to <code>/var/log/audit/audit.log</code>. By default, <code>auditd</code> rotates 5 logs by size (6MB), retaining a ma...Group -
Audit Configuration Files Must Be Owned By Root
All audit configuration files must be owned by root user. To properly set the owner of <code>/etc/audit/</code>, run the command: <pre>$ sudo chow...Rule Medium Severity -
Audit Configuration Files Permissions are 640 or More Restrictive
All audit configuration files permissions must be 640 or more restrictive. <pre>chmod 0640 /etc/audit/audit*.{rules,conf} /etc/audit/rules.d/*</pre...Rule Medium Severity -
Make the auditd Configuration Immutable
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...Rule Medium Severity -
Record Events that Modify the System's Mandatory Access Controls in usr/share
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...Rule Medium Severity -
Record Events that Modify the System's Network Environment
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...Rule Medium Severity -
Ensure auditd Collects System Administrator Actions
At a minimum, the audit system should collect administrator actions for all users and root. If the <code>auditd</code> daemon is configured to use ...Rule Medium Severity -
Record Events that Modify User/Group Information
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...Rule Medium Severity -
System Audit Logs Must Have Mode 0750 or Less Permissive
If <code>log_group</code> in <code>/etc/audit/auditd.conf</code> is set to a group other than the <code>root</code> group account, change the mode...Rule Medium Severity -
Audit Configuration Files Must Be Owned By Group root
All audit configuration files must be owned by group root.chown :root /etc/audit/audit*.{rules,conf} /etc/audit/rules.d/*Rule Medium Severity -
Record Events that Modify the System's Discretionary Access Controls
At a minimum, the audit system should collect file permission changes for all users and root. Note that the "-F arch=b32" lines should be present e...Group -
Record File Deletion Events by User
At a minimum, the audit system should collect file deletion events for all users and root. If the <code>auditd</code> daemon is configured to use t...Group -
Record Information on Kernel Modules Loading and Unloading
To capture kernel module loading and unloading events, use following lines, setting ARCH to either b32 for 32-bit system, or having two lines for b...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.