Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000480-GPOS-00227
Group -
TOSS must prevent IPv6 Internet Control Message Protocol (ICMP) redirect messages from being accepted.
ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An ill...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
TOSS must restrict exposed kernel pointer addresses access.
It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooke...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
SRG-OS-000480-GPOS-00227
Group -
TOSS must use reverse path filtering on all IPv4 interfaces.
It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooke...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
TOSS network interfaces must not be in promiscuous mode.
Network interfaces in promiscuous mode allow for the capture of all network traffic visible to the system. If unauthorized individuals can access these applications, it may allow them to collect in...Rule Medium Severity -
SRG-OS-000312-GPOS-00122
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules