Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Debian 12

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Explicit arguments in sudo specifications

    All commands in the sudoers file must strictly specify the arguments allowed to be used for a given user. If the command is supposed to be executed...
    Rule Medium Severity
    Show

  • Ensure gnutls-utils is installed

    The gnutls-utils package can be installed with the following command: 
    $ apt-get install gnutls-utils
    Rule Medium Severity
    Show

  • Ensure nss-tools is installed

    The nss-tools package can be installed with the following command: 
    $ apt-get install nss-tools
    Rule Medium Severity
    Show

  • Updating Software

    The <code>apt_get</code> command line tool is used to install and update software packages. The system also provides a graphical software update to...
    Group
    Show

  • Protect Accounts by Configuring PAM

    PAM, or Pluggable Authentication Modules, is a system which implements modular authentication for Linux programs. PAM provides a flexible and confi...
    Group
    Show

  • Password Hashing algorithm for pam_unix.so

    Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.
    Value
    Show

  • Install pam_pwquality Package

    The libpam-pwquality package can be installed with the following command: 
    $ apt-get install libpam-pwquality
    Rule Medium Severity
    Show

  • Limit Password Reuse

    Do not allow users to reuse recent passwords. This can be accomplished by using the <code>remember</code> option for the <code>pam_unix</code> or <...
    Rule Medium Severity
    Show

  • Lock Accounts After Failed Password Attempts

    This rule configures the system to lock out accounts after a number of incorrect login attempts using <code>pam_faillock.so</code>. pam_faillock.so...
    Rule Medium Severity
    Show

  • Set Interval For Counting Failed Password Attempts

    Utilizing <code>pam_faillock.so</code>, the <code>fail_interval</code> directive configures the system to lock out an account after a number of inc...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules