Skip to content

Guide to the Secure Configuration of Debian 10

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Sudo - timestamp_timeout value

    Defines the number of minutes that can elapse before <code>sudo</code> will ask for a passwd again. If set to a value less than 0 the user's time s...
    Value
  • Sudo - umask value

    Specify the sudo umask to use. The actual umask value that is used is the union of the user's umask and the sudo umask. The default sudo umask is 0...
    Value
  • Ensure Privileged Escalated Commands Cannot Execute Other Commands - sudo NOEXEC

    The sudo <code>NOEXEC</code> tag, when specified, prevents user executed commands from executing other commands, like a shell for example. This sho...
    Rule High Severity
  • Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo requiretty

    The sudo <code>requiretty</code> tag, when specified, will only execute sudo commands from users logged in to a real tty. This should be enabled by...
    Rule Medium Severity
  • Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty

    The sudo <code>use_pty</code> tag, when specified, will only execute sudo commands from users logged in to a real tty. This should be enabled by ma...
    Rule Medium Severity
  • Ensure Sudo Logfile Exists - sudo logfile

    A custom log sudo file can be configured with the 'logfile' tag. This rule configures a sudo custom logfile at the default location suggested by CI...
    Rule Low Severity
  • Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate

    The sudo <code>!authenticate</code> option, when specified, allows a user to execute commands using sudo without having to authenticate. This shoul...
    Rule Medium Severity
  • Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD

    The sudo <code>NOPASSWD</code> tag, when specified, allows a user to execute commands using sudo without having to authenticate. This should be dis...
    Rule Medium Severity
  • Ensure Users Re-Authenticate for Privilege Escalation - sudo

    The sudo <code>NOPASSWD</code> and <code>!authenticate</code> option, when specified, allows a user to execute commands using sudo without having t...
    Rule Medium Severity
  • Remote Login Banner Verbiage

    Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\n' character and special characters ...
    Value

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules