Guide to the Secure Configuration of OpenEmbedded
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Account Lockouts Must Persist
By setting a `dir` in the faillock configuration account lockouts will persist across reboots.Rule Medium Severity -
ocredit
Minimum number of other (special characters) in passwordValue -
retry
Number of retry attempts before erroring outValue -
ucredit
Minimum number of upper case in passwordValue -
container_connect_any SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
Configure Screen Locking
When a user must temporarily leave an account logged-in, screen locking should be employed to prevent passersby from abusing the account. User educ...Group -
cron_can_relabel SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
cron_system_cronjob_use_shares SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
Configure Console Screen Locking
A console screen locking mechanism is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the in...Group -
Hardware Tokens for Authentication
The use of hardware tokens such as smart cards for system login provides stronger, two-factor authentication than using a username and password. I...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules