Guide to the Secure Configuration of OpenEmbedded
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Ensure Solid State Drives Do Not Contribute To Random-Number Entropy Pool
For each solid-state drive on the system, run:# echo 0 > /sys/block/DRIVE/queue/add_random
Rule Medium Severity -
Kernel Configuration
Contains rules that check the kernel configuration that was used to build it.Group -
Hash function for kernel module signing
The hash function to use when signing modules during kernel build process.Value -
Key and certificate for kernel module signing
The private key and certificate to use when signing modules during kernel build process. On systems where the OpenSSL ENGINE_pkcs11 is functional —...Value -
Kernel panic timeout
The time, in seconds, to wait until a reboot occurs. If the value is <code>0</code> the system never reboots. If the value is less than <code>0</co...Value -
sge_domain_can_network_connect SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
sge_use_nfs SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
smartmon_3ware SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
smbd_anon_write SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
spamassassin_can_network SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
spamd_enable_home_dirs SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
squid_connect_any SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
squid_use_tproxy SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
ssh_chroot_rw_homedirs SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
ssh_keysign SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
ssh_sysadm_login SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
staff_exec_content SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
staff_use_svirt SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
swift_can_network SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
sysadm_exec_content SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
telepathy_connect_all_ports SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
telepathy_tcp_connect_generic_network_ports SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
tftp_anon_write SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
tftp_home_dir SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
tmpreaper_use_nfs SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
tmpreaper_use_samba SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
tor_bind_all_unreserved_ports SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
tor_can_network_relay SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
unconfined_chrome_sandbox_transition SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
unconfined_login SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
unconfined_mozilla_plugin_transition SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
unprivuser_use_svirt SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
use_ecryptfs_home_dirs SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
use_fusefs_home_dirs SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
use_lpd_server SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
use_nfs_home_dirs SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
use_samba_home_dirs SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
user_exec_content SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
varnishd_connect_any SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
virt_read_qemu_ga_data SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
virt_rw_qemu_ga_data SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
virt_sandbox_use_all_caps SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
virt_sandbox_use_audit SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
virt_sandbox_use_mknod SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
virt_sandbox_use_netlink SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
virt_sandbox_use_sys_admin SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
virt_transition_userdomain SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
virt_use_comm SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
virt_use_execmem SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
virt_use_fusefs SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.