Guide to the Secure Configuration of openEuler 2203
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Ensure gpgcheck Enabled for All dnf Package Repositories
To ensure signature checking is not disabled for any repos, remove any lines from files in <code>/etc/yum.repos.d</code> of the form: <pre>gpgcheck...Rule High Severity -
The operating system must restrict privilege elevation to authorized personnel
The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their password and confirms yo...Rule Medium Severity -
remember
The last n passwords for each user are saved in <code>/etc/security/opasswd</code> in order to force password change history and keep the user from...Value -
Set Lockouts for Failed Password Attempts
The <code>pam_faillock</code> PAM module provides the capability to lock out user accounts after a number of failed login attempts. Its documentati...Group -
fail_deny
Number of failed login attempts before account lockoutValue
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules