Guide to the Secure Configuration of openEuler 2203
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Disable DNS Server
DNS software should be disabled on any systems which does not need to be a nameserver. Note that the BIND DNS server software is not installed on o...Group -
Samba(SMB) Microsoft Windows File Sharing Server
When properly configured, the Samba service allows Linux systems to provide file and print sharing to Microsoft Windows systems. There are two soft...Group -
SSH Max authentication attempts
Specify the maximum number of authentication attempts per connection.Value -
SSH Strong KEX by FIPS
Specify the FIPS approved KEXs (Key Exchange Algorithms) algorithms that are used for methods in cryptography by which cryptographic keys are exch...Value -
SSH Strong MACs by FIPS
Specify the FIPS approved MACs (Message Authentication Code) algorithms that are used for data integrity protection by the SSH server.Value -
SSH Max Sessions Count
Specify the maximum number of open sessions permitted.Value -
Configure OpenSSH Server if Necessary
If the system needs to act as an SSH server, then certain changes should be made to the OpenSSH daemon configuration file <code>/etc/ssh/sshd_confi...Group -
SSH LoginGraceTime setting
Configure parameters for how long the servers stays connected before the user has successfully logged inValue -
SSH MaxStartups setting
Configure parameters for maximum concurrent unauthenticated connections to the SSH daemon.Value -
Verify Permissions on Important Files and Directories
Permissions for many files on a system must be set restrictively to ensure sensitive information is properly protected. This section discusses impo...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules