Guide to the Secure Configuration of Debian 12
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Verify the UEFI Boot Loader grub.cfg Group Ownership
The file <code>/boot/grub2/grub.cfg</code> should be group-owned by the <code>root</code> group to prevent destruction or modification of the file....Rule Medium Severity -
Verify /boot/grub2/user.cfg Group Ownership
The file <code>/boot/grub2/user.cfg</code> should be group-owned by the <code>root</code> group to prevent reading or modification of the file. To...Rule Medium Severity -
Emulate Privileged Access Never (PAN)
Enabling this option prevents the kernel from accessing user-space memory directly by pointing TTBR0_EL1 to a reserved zeroed area and reserved ASI...Rule Medium Severity -
Trigger a kernel BUG when data corruption is detected
This option makes the kernel BUG when it encounters data corruption in kernel memory structures when they get checked for validity. This configurat...Rule Low Severity -
Warn on W+X mappings found at boot
Generate a warning if any W+X mappings are found at boot. This configuration is available from kernel 5.8. The configuration that was used to buil...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules