Skip to content
Log In

Guide to the Secure Configuration of OpenEmbedded

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty

    The sudo <code>use_pty</code> tag, when specified, will only execute sudo commands from users logged in to a real tty. This should be enabled by making sure that the <code>use_pty</code> tag exists...
    Rule Medium Severity
    Show

  • Ensure Sudo Logfile Exists - sudo logfile

    A custom log sudo file can be configured with the 'logfile' tag. This rule configures a sudo custom logfile at the default location suggested by CIS, which uses /var/log/sudo.log.
    Rule Low Severity
    Show

  • Don't define allowed commands in sudoers by means of exclusion

    Policies applied by sudo through the sudoers file should not involve negation. Each user specification in the <code>sudoers</code> file contains a comma-delimited list of command specifications. T...
    Rule Medium Severity
    Show

  • Don't target root user in the sudoers file

    The targeted users of a user specification should be, as much as possible, non privileged users (i.e.: non-root). User specifications have to explicitly list the runas spec (i.e. the list of targe...
    Rule Medium Severity
    Show

  • System Tooling / Utilities

    The following checks evaluate the system for recommended base packages -- both for installation and removal.
    Group
    Show

  • Ensure nss-tools is installed

    The nss-tools package can be installed with the following command: 
    $ sudo dnf install nss-tools
    Rule Medium Severity
    Show

  • Updating Software

    The <code>dnf</code> command line tool is used to install and update software packages. The system also provides a graphical software update tool in the <b>System</b> menu, in the <b>Administration...
    Group
    Show

  • Account and Access Control

    In traditional Unix security, if an attacker gains shell access to a certain login account, they can perform any action or access any file to which that account has access. Therefore, making it mor...
    Group
    Show

  • Warning Banners for System Accesses

    Each system should expose as little information about itself as possible. <br> <br> System banners, which are typically displayed just before a login prompt, give out information about the s...
    Group
    Show

  • Login Banner Verbiage

    Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\n' character and special characters like parentheses and quotation marks must be escap...
    Value
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules