Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Debian 12

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Verify User Who Owns /etc/sudoers File

    To properly set the owner of /etc/sudoers, run the command: 
    $ sudo chown root /etc/sudoers
    Rule Medium Severity
    Show

  • Verify Permissions On /etc/sudoers File

    To properly set the permissions of /etc/sudoers, run the command: 
    $ sudo chmod 0440 /etc/sudoers
    Rule Medium Severity
    Show

  • Ensure That the sudo Binary Has the Correct Permissions

    To properly set the permissions of /usr/bin/sudo, run the command: 
    $ sudo chmod 4111 /usr/bin/sudo
    Rule Medium Severity
    Show

  • Ensure sudo Runs In A Minimal Environment - sudo env_reset

    The sudo <code>env_reset</code> tag, when specified, will run the command in a minimal environment, containing the TERM, PATH, HOME, MAIL, SHELL, L...
    Rule Medium Severity
    Show

  • Ensure sudo umask is appropriate - sudo umask

    The sudo <code>umask</code> tag, when specified, will be added the to the user's umask in the command environment. The umask should be configured b...
    Rule Medium Severity
    Show

  • Ensure a dedicated group owns sudo

    Restrict the execution of privilege escalated commands to a dedicated group of users. Ensure the group owner of /usr/bin/sudo is <xccdf-1.2:sub xml...
    Rule Medium Severity
    Show

  • Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate

    The sudo <code>!authenticate</code> option, when specified, allows a user to execute commands using sudo without having to authenticate. This shoul...
    Rule Medium Severity
    Show

  • Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD

    The sudo <code>NOPASSWD</code> tag, when specified, allows a user to execute commands using sudo without having to authenticate. This should be dis...
    Rule Medium Severity
    Show

  • Ensure Users Re-Authenticate for Privilege Escalation - sudo

    The sudo <code>NOPASSWD</code> and <code>!authenticate</code> option, when specified, allows a user to execute commands using sudo without having t...
    Rule Medium Severity
    Show

  • Only the VDSM User Can Use sudo NOPASSWD

    The sudo <code>NOPASSWD</code> tag, when specified, allows a user to execute commands using sudo without having to authenticate. Only the <code>vds...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules