Guide to the Secure Configuration of OpenEmbedded
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SSSD ssh_known_hosts_timeout option
Value of the ssh_known_hosts_timeout option in the [ssh] section of SSSD configuration file /etc/sssd/sssd.conf.Value -
System Security Services Daemon (SSSD) - LDAP
The System Security Services Daemon (SSSD) is a system daemon that provides access to different identity and authentication providers such as Red H...Group -
SSSD LDAP Backend Client CA Certificate Location
Path of a directory that contains Certificate Authority certificates.Value -
USBGuard daemon
The USBGuard daemon enforces the USB device authorization policy for all USB devices.Group -
X Window System
The X Window System implementation included with the system is called X.org.Group -
Disable X Windows
Unless there is a mission-critical reason for the system to run a graphical user interface, ensure X is not set to start automatically at boot and ...Group -
Introduction
The purpose of this guidance is to provide security configuration recommendations and baselines for the OpenEmbedded operating system. Recommended ...Group -
General Principles
The following general principles motivate much of the advice in this guide and should also influence any configuration decisions that are not expli...Group -
Minimize Software to Minimize Vulnerability
The simplest way to avoid vulnerabilities in software is to avoid installing that software. On OpenEmbedded,the RPM Package Manager (originally Red...Group -
Run Different Network Services on Separate Systems
Whenever possible, a server should be dedicated to serving exactly one network service. This limits the number of other services that can be compro...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules