An XCCDF Group - A logical subset of the XCCDF Benchmark
/usr/share/doc/aide-VERSION
aide
$ apt-get install aide
$ sudo aideinit
/var/lib/aide/aide.db.new
/etc/aide.conf
/usr/sbin/aide
$ sudo cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db
$ sudo /usr/sbin/aide --check
OnCalendar=*-*-* 05:00:0
[Timer]
/etc/crontab
05 4 * * * root /usr/sbin/aide --check
05 4 * * 0 root /usr/sbin/aide --check
@daily
@weekly
| /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost
05 4 * * * root /usr/sbin/aide --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost
acl
FIPSR
FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256
xattrs
update-crypto-policies
/etc/ssh/ssh_config.d/
05-redhat.conf
02-ospp.conf
/
/boot
swap
/dev/shm
/home
/srv
/tmp
/var
/var/log
/var/log/audit
noexec
noauto
/opt
/usr
/var/tmp
systemd-tmpfiles
tmp.mount
dconf(1)
Enable
false
[xdmcp]
/etc/gdm/custom.conf
[xdmcp] Enable=false
Sudo
root
NOEXEC
/etc/sudoers
/etc/sudoers.d/
requiretty
use_pty
!authenticate
NOPASSWD
vdsm
sudoers
ALL
sudo
$ apt-get install sudo
/etc/sudoers.d
$ sudo chgrp root /etc/sudoers.d
$ sudo chown root /etc/sudoers.d
$ sudo chmod 0750 /etc/sudoers.d
$ sudo chgrp root /etc/sudoers
$ sudo chown root /etc/sudoers
$ sudo chmod 0440 /etc/sudoers
/usr/bin/sudo
$ sudo chmod 4111 /usr/bin/sudo
env_reset
ignore_dot
umask
umask=
gnutls-utils
$ apt-get install gnutls-utils
nss-tools
$ apt-get install nss-tools
apt_get
$ apt update && apt full-upgrade