Guide to the Secure Configuration of Debian 10
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Maximum NTP or Chrony Poll
The maximum NTP or Chrony poll interval number in seconds specified as a power of two.Value -
The Chrony package is installed
System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or se...Rule Medium Severity -
Install the ntp service
The ntpd service should be installed.Rule High Severity -
The Chronyd service is enabled
chrony is a daemon which implements the Network Time Protocol (NTP) is designed to synchronize system clocks across a variety of systems and use a ...Rule Medium Severity -
Enable the NTP Daemon
Thentp
service can be enabled with the following command:$ sudo systemctl enable ntp.service
Rule High Severity -
Ensure Chrony is only configured with the server directive
Check that Chrony only has time sources configured with theserver
directive.Rule Medium Severity -
A remote time server for Chrony is configured
<code>Chrony</code> is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks across a variety of s...Rule Medium Severity -
Obsolete Services
This section discusses a number of network-visible services which have historically caused problems for system security, and for which disabling or...Group -
Xinetd
The <code>xinetd</code> service acts as a dedicated listener for some network services (mostly, obsolete ones) and can be used to provide access co...Group -
NIS
The Network Information Service (NIS), also known as 'Yellow Pages' (YP), and its successor NIS+ have been made obsolete by Kerberos, LDAP, and oth...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules