Skip to content

PCI-DSS v3.2.1 Control Baseline Draft for Oracle Linux 7

Rules and Groups employed by this XCCDF Profile

  • System Settings

    Contains rules that check correct system settings.
    Group
  • Installing and Maintaining Software

    The following sections contain information on security-relevant choices during the initial operating system installation process and the setup of s...
    Group
  • System and Software Integrity

    System and software integrity can be gained by installing antivirus, increasing system encryption strength with FIPS, verifying installed software,...
    Group
  • Disable Prelinking

    The prelinking feature changes binaries in an attempt to decrease their startup time. In order to disable it, change or add the following line insi...
    Rule Medium Severity
  • Software Integrity Checking

    Both the AIDE (Advanced Intrusion Detection Environment) software and the RPM package management system provide mechanisms for verifying the integr...
    Group
  • Verify Integrity with RPM

    The RPM package management system includes the ability to verify the integrity of installed packages by comparing the installed files with informat...
    Group
  • Verify File Hashes with RPM

    Without cryptographic integrity protections, system executables and files can be altered by unauthorized users without detection. The RPM package m...
    Rule High Severity
  • Verify and Correct File Permissions with RPM

    The RPM package management system can check file access permissions of installed software packages, including many that are important to system sec...
    Rule High Severity
  • Verify Integrity with AIDE

    AIDE conducts integrity checks by comparing information about files with previously-gathered information. Ideally, the AIDE database is created imm...
    Group
  • Install AIDE

    The aide package can be installed with the following command:
    $ sudo yum install aide
    Rule Medium Severity
  • Build and Test AIDE Database

    Run the following command to generate a new database: <pre>$ sudo /usr/sbin/aide --init</pre> By default, the database will be written to the fil...
    Rule Medium Severity
  • Configure Periodic Execution of AIDE

    At a minimum, AIDE should be configured to run a weekly scan. To implement a daily execution of AIDE at 4:05am using cron, add the following line t...
    Rule Medium Severity
  • Endpoint Protection Software

    Endpoint protection security software that is not provided or supported by Oracle Corporation can be installed to provide complementary or duplica...
    Group
  • Install Intrusion Detection Software

    The base Oracle Linux 7 platform already includes a sophisticated auditing system that can detect intruder activity, as well as SELinux, which prov...
    Rule High Severity
  • GNOME Desktop Environment

    GNOME is a graphical desktop environment bundled with many Linux distributions that allow users to easily interact with the operating system graphi...
    Group
  • Make sure that the dconf databases are up-to-date with regards to respective keyfiles

    By default, DConf uses a binary database as a data backend. The system-level database is compiled from keyfiles in the /etc/dconf/db/ directory by ...
    Rule High Severity
  • Configure GNOME Screen Locking

    In the default GNOME3 desktop, the screen can be locked by selecting the user name in the far right corner of the main panel and selecting <b>Lock<...
    Group
  • Enable GNOME3 Screensaver Idle Activation

    To activate the screensaver in the GNOME3 desktop after a period of inactivity, add or set <code>idle-activation-enabled</code> to <code>true</code...
    Rule Medium Severity
  • Set GNOME3 Screensaver Inactivity Timeout

    The idle time-out value for inactivity in the GNOME3 desktop is configured via the <code>idle-delay</code> setting must be set under an appropriate...
    Rule Medium Severity
  • Enable GNOME3 Screensaver Lock After Idle Period

    To activate locking of the screensaver in the GNOME3 desktop when it is activated, add or set <code>lock-enabled</code> to <code>true</code> in <c...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules