Skip to content
Log In

Guide to the Secure Configuration of OpenEmbedded

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Set SSH Daemon LogLevel to VERBOSE

    The <code>VERBOSE</code> parameter configures the SSH daemon to record login and logout activity. To specify the log level in SSH, add or correct the following line in <code>/etc/ssh/sshd_config<...
    Rule Medium Severity
    Show

  • Set SSH authentication attempt limit

    The <code>MaxAuthTries</code> parameter specifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures ar...
    Rule Medium Severity
    Show

  • Set SSH MaxSessions limit

    The <code>MaxSessions</code> parameter specifies the maximum number of open sessions permitted from a given connection. To set MaxSessions edit <code>/etc/ssh/sshd_config</code> as follows: <pre>Ma...
    Rule Medium Severity
    Show

  • Enable Use of Privilege Separation

    When enabled, SSH will create an unprivileged child process that has the privilege of the authenticated user. To enable privilege separation in SSH, add or correct the following line in the <code>/...
    Rule Medium Severity
    Show

  • Record Information on the Use of Privileged Commands

    At a minimum, the audit system should collect the execution of privileged commands for all users and root.
    Group
    Show

  • Action for auditd to take when disk is full

    'The setting for disk_full_action in /etc/audit/auditd.conf, if multiple values are allowed write them separated by pipes as in "syslog|single|halt", for remediations the first value will be taken'
    Value
    Show

  • Number of Record to Retain Before Flushing to Disk

    The setting for freq in /etc/audit/auditd.conf
    Value
    Show

  • Maximum audit log file size for auditd

    The setting for max_log_file in /etc/audit/auditd.conf
    Value
    Show

  • Verify Permissions on cron.d

    To properly set the permissions of /etc/cron.d, run the command: 
    $ sudo chmod 0700 /etc/cron.d
    Rule Medium Severity
    Show

  • Verify Permissions on cron.daily

    To properly set the permissions of /etc/cron.daily, run the command: 
    $ sudo chmod 0700 /etc/cron.daily
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules