Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of openEuler 2203

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Verify User Who Owns Backup shadow File

    To properly set the group owner of /etc/shadow-, run the command: 
    $ sudo chgrp root /etc/shadow-
    Rule Medium Severity
    Show

  • Verify Group Who Owns group File

    To properly set the group owner of /etc/group, run the command: 
    $ sudo chgrp root /etc/group
    Rule Medium Severity
    Show

  • Verify Group Who Owns gshadow File

    To properly set the group owner of /etc/gshadow, run the command: 
    $ sudo chgrp root /etc/gshadow
    Rule Medium Severity
    Show

  • Verify Group Who Owns passwd File

    To properly set the group owner of /etc/passwd, run the command: 
    $ sudo chgrp root /etc/passwd
    Rule Medium Severity
    Show

  • Verify User Who Owns Backup group File

    To properly set the owner of /etc/group-, run the command: 
    $ sudo chown root /etc/group-
    Rule Medium Severity
    Show

  • Verify User Who Owns Backup gshadow File

    To properly set the owner of /etc/gshadow-, run the command: 
    $ sudo chown root /etc/gshadow-
    Rule Medium Severity
    Show

  • Verify User Who Owns Backup passwd File

    To properly set the owner of /etc/passwd-, run the command: 
    $ sudo chown root /etc/passwd-
    Rule Medium Severity
    Show

  • Verify Group Who Owns Backup shadow File

    To properly set the owner of /etc/shadow-, run the command: 
    $ sudo chown root /etc/shadow-
    Rule Medium Severity
    Show

  • Verify User Who Owns group File

    To properly set the owner of /etc/group, run the command: 
    $ sudo chown root /etc/group
    Rule Medium Severity
    Show

  • Verify User Who Owns gshadow File

    To properly set the owner of /etc/gshadow, run the command: 
    $ sudo chown root /etc/gshadow
    Rule Medium Severity
    Show

  • Verify User Who Owns passwd File

    To properly set the owner of /etc/passwd, run the command: 
    $ sudo chown root /etc/passwd
    Rule Medium Severity
    Show

  • Verify User Who Owns shadow File

    To properly set the owner of /etc/shadow, run the command: 
    $ sudo chown root /etc/shadow
    Rule Medium Severity
    Show

  • Verify Permissions on Backup group File

    To properly set the permissions of /etc/group-, run the command: 
    $ sudo chmod 0644 /etc/group-
    Rule Medium Severity
    Show

  • Verify Permissions on Backup gshadow File

    To properly set the permissions of /etc/gshadow-, run the command: 
    $ sudo chmod 0000 /etc/gshadow-
    Rule Medium Severity
    Show

  • Verify Permissions on Backup passwd File

    To properly set the permissions of /etc/passwd-, run the command: 
    $ sudo chmod 0644 /etc/passwd-
    Rule Medium Severity
    Show

  • Verify Permissions on Backup shadow File

    To properly set the permissions of /etc/shadow-, run the command: 
    $ sudo chmod 0000 /etc/shadow-
    Rule Medium Severity
    Show

  • Verify Permissions on group File

    To properly set the permissions of /etc/group, run the command: 
    $ sudo chmod 0644 /etc/group
    Rule Medium Severity
    Show

  • Verify Group Ownership of Message of the Day Banner

    To properly set the group owner of /etc/motd, run the command: 
    $ sudo chgrp root /etc/motd
    Rule Medium Severity
    Show

  • Verify Permissions on passwd File

    To properly set the permissions of /etc/passwd, run the command: 
    $ sudo chmod 0644 /etc/passwd
    Rule Medium Severity
    Show

  • Verify ownership of System Login Banner

    To properly set the owner of /etc/issue, run the command: 
    $ sudo chown root /etc/issue
    Rule Medium Severity
    Show

  • Verify Permissions on shadow File

    To properly set the permissions of /etc/shadow, run the command: 
    $ sudo chmod 0000 /etc/shadow
    Rule Medium Severity
    Show

  • Enable cron Service

    The <code>crond</code> service is used to execute commands at preconfigured times. It is required by almost all systems to perform necessary mainte...
    Rule Medium Severity
    Show

  • Verify Group Who Owns cron.d

    To properly set the group owner of /etc/cron.d, run the command: 
    $ sudo chgrp root /etc/cron.d
    Rule Medium Severity
    Show

  • Verify Group Who Owns cron.daily

    To properly set the group owner of /etc/cron.daily, run the command: 
    $ sudo chgrp root /etc/cron.daily
    Rule Medium Severity
    Show

  • Verify Group Who Owns cron.hourly

    To properly set the group owner of /etc/cron.hourly, run the command: 
    $ sudo chgrp root /etc/cron.hourly
    Rule Medium Severity
    Show

  • Verify Group Who Owns cron.monthly

    To properly set the group owner of /etc/cron.monthly, run the command: 
    $ sudo chgrp root /etc/cron.monthly
    Rule Medium Severity
    Show

  • Verify Group Who Owns cron.weekly

    To properly set the group owner of /etc/cron.weekly, run the command: 
    $ sudo chgrp root /etc/cron.weekly
    Rule Medium Severity
    Show

  • Verify Group Who Owns Crontab

    To properly set the group owner of /etc/crontab, run the command: 
    $ sudo chgrp root /etc/crontab
    Rule Medium Severity
    Show

  • Verify Owner on cron.d

    To properly set the owner of /etc/cron.d, run the command: 
    $ sudo chown root /etc/cron.d
    Rule Medium Severity
    Show

  • Verify Owner on cron.daily

    To properly set the owner of /etc/cron.daily, run the command: 
    $ sudo chown root /etc/cron.daily
    Rule Medium Severity
    Show

  • Verify Owner on cron.hourly

    To properly set the owner of /etc/cron.hourly, run the command: 
    $ sudo chown root /etc/cron.hourly
    Rule Medium Severity
    Show

  • Verify Owner on cron.monthly

    To properly set the owner of /etc/cron.monthly, run the command: 
    $ sudo chown root /etc/cron.monthly
    Rule Medium Severity
    Show

  • Verify ownership of System Login Banner for Remote Connections

    To properly set the owner of /etc/issue.net, run the command: 
    $ sudo chown root /etc/issue.net
    Rule Medium Severity
    Show

  • Verify ownership of Message of the Day Banner

    To properly set the owner of /etc/motd, run the command: 
    $ sudo chown root /etc/motd
    Rule Medium Severity
    Show

  • Verify permissions on System Login Banner

    To properly set the permissions of /etc/issue, run the command: 
    $ sudo chmod 0644 /etc/issue
    Rule Medium Severity
    Show

  • Verify Owner on cron.weekly

    To properly set the owner of /etc/cron.weekly, run the command: 
    $ sudo chown root /etc/cron.weekly
    Rule Medium Severity
    Show

  • Verify Owner on crontab

    To properly set the owner of /etc/crontab, run the command: 
    $ sudo chown root /etc/crontab
    Rule Medium Severity
    Show

  • Verify Permissions on cron.d

    To properly set the permissions of /etc/cron.d, run the command: 
    $ sudo chmod 0700 /etc/cron.d
    Rule Medium Severity
    Show

  • Verify Permissions on cron.daily

    To properly set the permissions of /etc/cron.daily, run the command: 
    $ sudo chmod 0700 /etc/cron.daily
    Rule Medium Severity
    Show

  • Verify Permissions on cron.hourly

    To properly set the permissions of /etc/cron.hourly, run the command: 
    $ sudo chmod 0700 /etc/cron.hourly
    Rule Medium Severity
    Show

  • Verify Permissions on cron.monthly

    To properly set the permissions of /etc/cron.monthly, run the command: 
    $ sudo chmod 0700 /etc/cron.monthly
    Rule Medium Severity
    Show

  • Verify permissions on System Login Banner for Remote Connections

    To properly set the permissions of /etc/issue.net, run the command: 
    $ sudo chmod 0644 /etc/issue.net
    Rule Medium Severity
    Show

  • Verify Permissions on cron.weekly

    To properly set the permissions of /etc/cron.weekly, run the command: 
    $ sudo chmod 0700 /etc/cron.weekly
    Rule Medium Severity
    Show

  • Verify Permissions on crontab

    To properly set the permissions of /etc/crontab, run the command: 
    $ sudo chmod 0600 /etc/crontab
    Rule Medium Severity
    Show

  • Verify permissions on Message of the Day Banner

    To properly set the permissions of /etc/motd, run the command: 
    $ sudo chmod 0644 /etc/motd
    Rule Medium Severity
    Show

  • Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces

    To set the runtime status of the <code>net.ipv4.conf.all.rp_filter</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ip...
    Rule Medium Severity
    Show

  • Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces

    To set the runtime status of the <code>net.ipv4.conf.all.secure_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w...
    Rule Medium Severity
    Show

  • Warning Banners for System Accesses

    Each system should expose as little information about itself as possible. <br> <br> System banners, which are typically displayed just befor...
    Group
    Show

  • Verify Group Ownership of System Login Banner

    To properly set the group owner of /etc/issue, run the command: 
    $ sudo chgrp root /etc/issue
    Rule Medium Severity
    Show

  • Configure System Cryptography Policy

    To configure the system cryptography policy to use ciphers only from the <code><xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_system_...
    Rule High Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules