Guide to the Secure Configuration of Debian 10
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Ensure /tmp Located On Separate Partition
The/tmpdirectory is a world-writable directory used for temporary file storage. Ensure it has its own partition or logical volume at installation time, or migrate it using LVM.Rule Low Severity -
MotD Banner Verbiage
Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\n' character and special characters like parentheses and quotation marks must be escap...Value -
Ensure /var Located On Separate Partition
The <code>/var</code> directory is used by daemons and other system services to store frequently-changing data. Ensure that <code>/var</code> has its own partition or logical volume at installation...Rule Low Severity -
Ensure /var/log Located On Separate Partition
System logs are stored in the/var/logdirectory. Ensure that/var/loghas its own partition or logical volume at installation time, or migrate it using LVM.Rule Low Severity -
Ensure /var/log/audit Located On Separate Partition
Audit logs are stored in the <code>/var/log/audit</code> directory. Ensure that <code>/var/log/audit</code> has its own partition or logical volume at installation time, or migrate it using LVM. M...Rule Low Severity -
GNOME Desktop Environment
GNOME is a graphical desktop environment bundled with many Linux distributions that allow users to easily interact with the operating system graphically rather than textually. The GNOME Graphical D...Group -
Configure GNOME Login Screen
In the default GNOME desktop, the login is displayed after system boot and can display user accounts, allow users to reboot the system, and allow users to login automatically and/or with a guest ac...Group -
Disable XDMCP in GDM
XDMCP is an unencrypted protocol, and therefore, presents a security risk, see e.g. <a href="https://help.gnome.org/admin/gdm/stable/security.html.en_GB#xdmcpsecurity">XDMCP Gnome docs</a>. To dis...Rule High Severity -
GNOME Media Settings
GNOME media settings that apply to the graphical interface.Group -
GNOME Network Settings
GNOME network settings that apply to the graphical interface.Group -
GNOME Remote Access Settings
GNOME remote access settings that apply to the graphical interface.Group -
Configure GNOME Screen Locking
In the default GNOME3 desktop, the screen can be locked by selecting the user name in the far right corner of the main panel and selecting <b>Lock</b>. <br><br> The following sections detail comman...Group -
Screensaver Inactivity timeout
Choose allowed duration (in seconds) of inactive graphical sessionsValue -
Screensaver Lock Delay
Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication promptValue -
GNOME System Settings
GNOME provides configuration and functionality to a graphical desktop environment that changes grahical configurations or allow a user to perform actions that users normally would not be able to do...Group -
SAP Specific Requirement
SAP (Systems, Applications and Products in Data Processing) is enterprise software to manage business operations and customer relations. The following section contains SAP specific requirement that...Group -
Sudo
<code>Sudo</code>, which stands for "su 'do'", provides the ability to delegate authority to certain users, groups of users, or system administrators. When configured for system users and/or groups...Group -
Group name dedicated to the use of sudo
Specify the name of the group that should own /usr/bin/sudo.Value -
Sudo - logfile value
Specify the sudo logfile to use. The default value used here matches the example location from CIS, which uses /var/log/sudo.log.Value -
Sudo - passwd_timeout value
Defines the number of minutes before thesudopassword prompt times out. Defining 0 means no timeout. The default timeout value is 5 minutes.Value
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.