Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Debian 12

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Set Password Hashing Algorithm in /etc/login.defs

    In <code>/etc/login.defs</code>, add or update the following line to ensure the system will use <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_...
    Rule Medium Severity
    Show

  • Configure Logind to terminate idle sessions after certain time of inactivity

    To configure <code>logind</code> service to terminate inactive user sessions after <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_log...
    Rule Medium Severity
    Show

  • Set Account Expiration Parameters

    Accounts can be configured to be automatically disabled after a certain time period, meaning that they will require administrator interaction to be...
    Group
    Show

  • Restrict Serial Port Root Logins

    To restrict root logins on serial ports, ensure lines of this form do not appear in /etc/securetty: 
    ttyS0
ttyS1
    Rule Medium Severity
    Show

  • Restrict Virtual Console Root Logins

    To restrict root logins through the (deprecated) virtual console devices, ensure lines of this form do not appear in <code>/etc/securetty</code>: <...
    Rule Medium Severity
    Show

  • Set Password Expiration Parameters

    The file <code>/etc/login.defs</code> controls several password-related settings. Programs such as <code>passwd</code>, <code>su</code>, and <code>...
    Group
    Show

  • Maximum Root Password Age

    Maximum age of password in days for the root account
    Value
    Show

  • Set Password Minimum Length in login.defs

    To specify password length requirements for new accounts, edit the file <code>/etc/login.defs</code> and add or correct the following line: <pre>PA...
    Rule Medium Severity
    Show

  • Set Root Account Password Maximum Age

    Configure the root account to enforce a <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_accounts_maximum_age_root" use="legacy"></xccd...
    Rule Medium Severity
    Show

  • Password Hashing algorithm

    Specify the number of rounds for the system password encryption algorithm. Defines the value set in <code>/etc/pam.d/system-auth</code> and <code>/...
    Value
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules