II - Mission Support Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000480-GPOS-00227
Group -
SLEM 5 must not allow interfaces to accept Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages by default.
ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An ill...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
SLEM 5 must not be performing Internet Protocol version 6 (IPv6) packet forwarding unless the system is a router.
Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unn...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
SLEM 5 must not be performing Internet Protocol version 6 (IPv6) packet forwarding by default unless the system is a router.
Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unn...Rule Medium Severity -
SRG-OS-000423-GPOS-00187
Group -
SLEM 5 must have SSH installed to protect the confidentiality and integrity of transmitted information.
Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. This requirem...Rule High Severity -
SRG-OS-000423-GPOS-00187
Group -
SLEM 5 must use SSH to protect the confidentiality and integrity of transmitted information.
Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. This requireme...Rule High Severity -
SRG-OS-000023-GPOS-00006
Group -
SLEM 5 must display the Standard Mandatory DOD Notice and Consent Banner before granting access via SSH.
Display of a standardized and approved use notification before granting access to SLEM 5 ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executiv...Rule Medium Severity -
SRG-OS-000480-GPOS-00229
Group -
SLEM 5 must not allow unattended or automatic logon via SSH.
Failure to restrict system access via SSH to authenticated users negatively impacts SLEM 5 security.Rule High Severity -
SRG-OS-000163-GPOS-00072
Group -
SLEM 5 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.
Terminating an unresponsive SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or con...Rule Medium Severity -
SRG-OS-000126-GPOS-00066
Group -
SLEM 5 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
Terminating an unresponsive SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or con...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
SLEM 5 SSH daemon must disable forwarded remote X connections for interactive users, unless to fulfill documented and validated mission requirements.
The security risk of using X11 forwarding is that the client's X11 display server may be exposed to attack when the SSH client requests forwarding. A system administrator may have a stance in which...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.