Skip to content

Guide to the Secure Configuration of OpenEmbedded

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Disable Core Dumps for All Users

    To disable core dumps for all users, add the following line to <code>/etc/security/limits.conf</code>, or to a file within the <code>/etc/security/...
    Rule Medium Severity
  • Disable Core Dumps for SUID programs

    To set the runtime status of the <code>fs.suid_dumpable</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w fs.suid_dumpable=...
    Rule Medium Severity
  • Daemon Umask

    The umask is a per-process setting which limits the default permissions for creation of new files and directories. The system includes initializati...
    Group
  • daemon umask

    Enter umask for daemons
    Value
  • Enable ExecShield

    ExecShield describes kernel features that provide protection against exploitation of memory corruption errors such as buffer overflows. These featu...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules