Guide to the Secure Configuration of Debian 12
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Add nosuid Option to /home
The <code>nosuid</code> mount option can be used to prevent execution of setuid programs in <code>/home</code>. The SUID and SGID permissions shoul...Rule Medium Severity -
Add nosuid Option to /opt
The <code>nosuid</code> mount option can be used to prevent execution of setuid programs in <code>/opt</code>. The SUID and SGID permissions should...Rule Medium Severity -
The Chrony package is installed
System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or se...Rule Medium Severity -
Add nosuid Option to /srv
The <code>nosuid</code> mount option can be used to prevent execution of setuid programs in <code>/srv</code>. The SUID and SGID permissions should...Rule Medium Severity -
Add noexec Option to /tmp
The <code>noexec</code> mount option can be used to prevent binaries from being executed out of <code>/tmp</code>. Add the <code>noexec</code> opti...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules