Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
TOSS must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
<VulnDiscussion>Setting the most restrictive default permissions ensures that when new accounts are created, they do not have unnecessary acc...Rule Medium Severity -
SRG-OS-000480-GPOS-00230
<GroupDescription></GroupDescription>Group -
All TOSS local interactive user home directories must have mode 0770 or less permissive.
<VulnDiscussion>Users' home directories/folders may contain information of a sensitive nature. Non-privileged users should coordinate any sha...Rule Medium Severity -
SRG-OS-000480-GPOS-00230
<GroupDescription></GroupDescription>Group -
TOSS must not permit direct logons to the root account using remote access from outside of the system via SSH.
<VulnDiscussion>Even though the communications channel may be encrypted, an additional layer of security is gained by extending the policy of...Rule Medium Severity -
SRG-OS-000114-GPOS-00059
<GroupDescription></GroupDescription>Group -
The TOSS file system automounter must be disabled unless required.
<VulnDiscussion>Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity.<...Rule Medium Severity -
SRG-OS-000120-GPOS-00061
<GroupDescription></GroupDescription>Group -
All TOSS local interactive user home directories must be owned by root.
<VulnDiscussion>Users' home directories/folders may contain information of a sensitive nature. Non-privileged users should coordinate any sha...Rule Medium Severity -
SRG-OS-000023-GPOS-00006
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.