Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000342-GPOS-00133
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "lremovexattr" system call in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
TOSS must label all off-loaded audit logs before sending them to the central log server.
<VulnDiscussion>Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it...Rule Medium Severity -
SRG-OS-000458-GPOS-00203
<GroupDescription></GroupDescription>Group -
The TOSS audit system must be configured to audit any usage of the "fsetxattr" system call.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000458-GPOS-00203
<GroupDescription></GroupDescription>Group -
The TOSS audit system must be configured to audit any usage of the "lsetxattr" system call.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000468-GPOS-00212
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the fremovexattr system call in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000468-GPOS-00212
<GroupDescription></GroupDescription>Group -
SRG-OS-000468-GPOS-00212
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "removexattr" system call in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000470-GPOS-00214
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful modifications to the "lastlog" file in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of "semanage" in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "gpasswd" command in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "mount" command in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "mount" syscall in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "su" command in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "umount" command in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "unix_update" in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "usermod" command in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of "unix_chkpwd" in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of "userhelper" in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00216
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "kmod" command in TOSS must generate an audit record.
<VulnDiscussion>"Without generating audit records that are specific to the security and mission needs of the organization, it would be diffic...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The auditd service must be running in TOSS.
<VulnDiscussion>Configuring TOSS to implement organization-wide security implementation guides and security checklists ensures compliance wit...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The TOSS audit system must audit local events.
<VulnDiscussion>Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
TOSS must be configured to disable USB mass storage.
<VulnDiscussion>USB mass storage permits easy introduction of unknown devices, thereby facilitating malicious activity. Satisfies: SRG-OS-00...Rule Medium Severity -
TOSS must resolve audit information before writing to disk.
<VulnDiscussion>Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it...Rule Low Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
TOSS must have the packages required for offloading audit logs installed.
<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common ...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
TOSS must have the packages required for encrypting offloaded audit logs installed.
<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common ...Rule Medium Severity -
SRG-OS-000032-GPOS-00013
<GroupDescription></GroupDescription>Group -
TOSS must monitor remote access methods.
<VulnDiscussion>Remote access services, such as those providing remote access to network devices and information systems, which lack automate...Rule Medium Severity -
SRG-OS-000033-GPOS-00014
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.