Skip to content
Log In

Guide to the Secure Configuration of OpenEmbedded

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Enable automatic signing of all modules

    Sign all modules during make modules_install. Without this option, modules must be signed manually, using the scripts/sign-file tool. The configuration that was used to build kernel is available a...
    Rule Medium Severity
    Show

  • Require modules to be validly signed

    Reject unsigned modules or signed modules with an unknown key. The configuration that was used to build kernel is available at <code>/boot/config-*</code>. To check the configuration value for...
    Rule Medium Severity
    Show

  • Ensure All Accounts on the System Have Unique User IDs

    Change user IDs (UIDs), or delete accounts, so each has a unique name.
    Rule Medium Severity
    Show

  • Ensure All Groups on the System Have Unique Group ID

    Change the group name or delete groups, so each has a unique id.
    Rule Medium Severity
    Show

  • Ensure All Groups on the System Have Unique Group Names

    Change the group name or delete groups, so each has a unique name.
    Rule Medium Severity
    Show

  • Verify All Account Password Hashes are Shadowed

    If any password hashes are stored in <code>/etc/passwd</code> (in the second field, instead of an <code>x</code> or <code>*</code>), the cause of this misconfiguration should be investigated. The a...
    Rule Medium Severity
    Show

  • Ensure all users last password change date is in the past

    All users should have a password change date in the past.
    Rule Medium Severity
    Show

  • All GIDs referenced in /etc/passwd must be defined in /etc/group

    Add a group to the system for each GID referenced without a corresponding group.
    Rule Low Severity
    Show

  • Prevent Login to Accounts With Empty Password

    If an account is configured for password authentication but does not have an assigned password, it may be possible to log into the account without authentication. Remove any instances of the <code>...
    Rule High Severity
    Show

  • System Settings

    Contains rules that check correct system settings.
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules