Skip to content
Log In

Guide to the Secure Configuration of Debian 12

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Explicit arguments in sudo specifications

    All commands in the sudoers file must strictly specify the arguments allowed to be used for a given user. If the command is supposed to be executed only without arguments, pass "" as an argument in...
    Rule Medium Severity
    Show

  • Ensure gnutls-utils is installed

    The gnutls-utils package can be installed with the following command: 
    $ apt-get install gnutls-utils
    Rule Medium Severity
    Show

  • Ensure nss-tools is installed

    The nss-tools package can be installed with the following command: 
    $ apt-get install nss-tools
    Rule Medium Severity
    Show

  • Updating Software

    The <code>apt_get</code> command line tool is used to install and update software packages. The system also provides a graphical software update tool in the <b>System</b> menu, in the <b>Administra...
    Group
    Show

  • Protect Accounts by Configuring PAM

    PAM, or Pluggable Authentication Modules, is a system which implements modular authentication for Linux programs. PAM provides a flexible and configurable architecture for authentication, and it sh...
    Group
    Show

  • Password Hashing algorithm for pam_unix.so

    Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.
    Value
    Show

  • Install pam_pwquality Package

    The libpam-pwquality package can be installed with the following command: 
    $ apt-get install libpam-pwquality
    Rule Medium Severity
    Show

  • Limit Password Reuse

    Do not allow users to reuse recent passwords. This can be accomplished by using the remember option for the pam_unix or pam_pwhistory PAM modules.
    Rule Medium Severity
    Show

  • Lock Accounts After Failed Password Attempts

    This rule configures the system to lock out accounts after a number of incorrect login attempts using <code>pam_faillock.so</code>. pam_faillock.so module requires multiple entries in pam files. Th...
    Rule Medium Severity
    Show

  • Set Interval For Counting Failed Password Attempts

    Utilizing <code>pam_faillock.so</code>, the <code>fail_interval</code> directive configures the system to lock out an account after a number of incorrect login attempts within a specified time peri...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules