Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must disable the transparent inter-process communication (TIPC) protocol.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must not accept router advertisements on all IPv6 interfaces by default.
<VulnDiscussion>Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this s...Rule Medium Severity -
TOSS must not have any automated bug reporting tools installed.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must not have the sendmail package installed.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
TOSS must not have the telnet-server package installed.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000096-GPOS-00050
<GroupDescription></GroupDescription>Group -
TOSS must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.
<VulnDiscussion>In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e....Rule Medium Severity -
SRG-OS-000114-GPOS-00059
<GroupDescription></GroupDescription>Group -
TOSS must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.
<VulnDiscussion>Terminating an idle SSH session within a short time period reduces the window of opportunity for unauthorized personnel to ta...Rule Medium Severity -
SRG-OS-000134-GPOS-00068
<GroupDescription></GroupDescription>Group -
TOSS must have policycoreutils package installed.
<VulnDiscussion>Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed...Rule Low Severity -
SRG-OS-000185-GPOS-00079
<GroupDescription></GroupDescription>Group -
All TOSS local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
<VulnDiscussion>TOSS systems handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized ...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
<GroupDescription></GroupDescription>Group -
TOSS must limit privileges to change software resident within software libraries.
<VulnDiscussion>If the operating system were to allow any user to make changes to software libraries, then those changes might be implemented...Rule Medium Severity -
SRG-OS-000266-GPOS-00101
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.