Skip to content
Log In

Guide to the Secure Configuration of OpenEmbedded

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Verify Permissions on cron.hourly

    To properly set the permissions of /etc/cron.hourly, run the command: 
    $ sudo chmod 0700 /etc/cron.hourly
    Rule Medium Severity
    Show

  • Verify Permissions on cron.monthly

    To properly set the permissions of /etc/cron.monthly, run the command: 
    $ sudo chmod 0700 /etc/cron.monthly
    Rule Medium Severity
    Show

  • Verify Permissions on cron.weekly

    To properly set the permissions of /etc/cron.weekly, run the command: 
    $ sudo chmod 0700 /etc/cron.weekly
    Rule Medium Severity
    Show

  • Verify Permissions on crontab

    To properly set the permissions of /etc/crontab, run the command: 
    $ sudo chmod 0600 /etc/crontab
    Rule Medium Severity
    Show

  • Ensure rsyncd service is disabled

    The rsyncd service can be disabled with the following command: 
    $ sudo systemctl mask --now rsyncd.service
    Rule Medium Severity
    Show

  • Disable ypserv Service

    The <code>ypserv</code> service, which allows the system to act as a client in a NIS or NIS+ domain, should be disabled. The <code>ypserv</code> service can be disabled with the following command:...
    Rule Medium Severity
    Show

  • Disable Accepting ICMP Redirects for All IPv6 Interfaces

    To set the runtime status of the <code>net.ipv6.conf.all.accept_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv6.conf.all.accept_redirects=0</pre> To mak...
    Rule Medium Severity
    Show

  • Disable DCCP Support

    The Datagram Congestion Control Protocol (DCCP) is a relatively new transport layer protocol, designed to support streaming media and telephony. To configure the system to prevent the <code>dccp</...
    Rule Medium Severity
    Show

  • Disable RDS Support

    The Reliable Datagram Sockets (RDS) protocol is a transport layer protocol designed to provide reliable high-bandwidth, low-latency communications between nodes in a cluster. To configure the syst...
    Rule Low Severity
    Show

  • Disable SCTP Support

    The Stream Control Transmission Protocol (SCTP) is a transport layer protocol, designed to support the idea of message-oriented communication, with several streams of messages within one connection...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules