Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of OpenEmbedded

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Protect DNS Data from Tampering or Attack

    This section discusses DNS configuration options which make it more difficult for attackers to gain access to private DNS data or to modify DNS data.
    Group
    Show

  • Disable kexec system call

    <code>kexec</code> is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot b...
    Rule Low Severity
    Show

  • Disable legacy (BSD) PTY support

    Disable the Linux traditional BSD-like terminal names /dev/ptyxx for masters and /dev/ttyxx for slaves of pseudo terminals, and use only the modern...
    Rule Medium Severity
    Show

  • Enable module signature verification

    Check modules for valid signatures upon load. Note that this option adds the OpenSSL development packages as a kernel build dependency so that the ...
    Rule Medium Severity
    Show

  • Enable automatic signing of all modules

    Sign all modules during make modules_install. Without this option, modules must be signed manually, using the scripts/sign-file tool. The configur...
    Rule Medium Severity
    Show

  • Require modules to be validly signed

    Reject unsigned modules or signed modules with an unknown key. The configuration that was used to build kernel is available at <code>/boot/config-...
    Rule Medium Severity
    Show

  • Accounts Authorized Local Users on the Operating System

    List the user accounts that are authorized locally on the operating system. This list includes both users requried by the operating system and by t...
    Value
    Show

  • Ensure All Accounts on the System Have Unique User IDs

    Change user IDs (UIDs), or delete accounts, so each has a unique name.
    Rule Medium Severity
    Show

  • Ensure All Groups on the System Have Unique Group ID

    Change the group name or delete groups, so each has a unique id.
    Rule Medium Severity
    Show

  • Ensure All Groups on the System Have Unique Group Names

    Change the group name or delete groups, so each has a unique name.
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules