Guide to the Secure Configuration of Debian 10
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Rlogin, Rsh, and Rexec
The Berkeley r-commands are legacy services which allow cleartext remote access and have an insecure trust model.Group -
Remove Rsh Trust Files
The files <code>/etc/hosts.equiv</code> and <code>~/.rhosts</code> (in each user's home directory) list remote hosts and users that are trusted by ...Rule High Severity -
Chat/Messaging Services
The talk software makes it possible for users to send and receive messages across systems through a terminal session.Group -
Telnet
The telnet protocol does not provide confidentiality or integrity for information transmitted on the network. This includes authentication informat...Group -
TFTP Server
TFTP is a lightweight version of the FTP protocol which has traditionally been used to configure networking equipment. However, TFTP provides littl...Group -
TFTP server secure directory
Specify the directory which is used by TFTP server as a root directory when running in secure mode.Value -
Print Support
The Common Unix Printing System (CUPS) service provides both local and network printing support. A system running the CUPS service can accept print...Group -
Configure the CUPS Service if Necessary
CUPS provides the ability to easily share local printers with other systems over the network. It does this by allowing systems to share lists of av...Group -
Proxy Server
A proxy server is a very desirable target for a potential adversary because much (or all) sensitive data for a given infrastructure may flow throug...Group -
Disable Squid if Possible
If Squid was installed and activated, but the system does not need to act as a proxy server, then it should be disabled and removed.Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules