DISA STIG with GUI for Oracle Linux 7
Rules and Groups employed by this XCCDF Profile
-
Configure Console Screen Locking
A console screen locking mechanism is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of th...Group -
Install the screen Package
To enable console screen locking, install the <code>screen</code> package. The <code>screen</code> package can be installed with the following command: <pre> $ sudo yum install screen</pre> Instruc...Rule Medium Severity -
Hardware Tokens for Authentication
The use of hardware tokens such as smart cards for system login provides stronger, two-factor authentication than using a username and password. In Oracle Linux 7 servers, hardware token login is...Group -
Install Smart Card Packages For Multifactor Authentication
Configure the operating system to implement multifactor authentication by installing the required package with the following command: The <code>pam_pkcs11</code> package can be installed with the ...Rule Medium Severity -
Enable Smart Card Login
To enable smart card authentication, consult the documentation at: <ul><li><b><a href="https://docs.oracle.com/en/operating-systems/oracle-linux/7/userauth/userauth-AuthenticationConfiguration.html...Rule Medium Severity -
Configure Smart Card Certificate Status Checking
Configure the operating system to do certificate status checking for PKI authentication. Modify all of the <code>cert_policy</code> lines in <code>/etc/pam_pkcs11/pam_pkcs11.conf</code> to include ...Rule Medium Severity -
Protect Accounts by Restricting Password-Based Login
Conventionally, Unix shell accounts are accessed by providing a username and password to a login program, which tests these values for correctness using the <code>/etc/passwd</code> and <code>/etc/...Group -
Only Authorized Local User Accounts Exist on Operating System
Enterprise Application tends to use the server or virtual machine exclusively. Besides the default operating system user, there should be only authorized local users required by the installed softw...Rule Medium Severity -
Set Account Expiration Parameters
Accounts can be configured to be automatically disabled after a certain time period, meaning that they will require administrator interaction to become usable again. Expiration of accounts after in...Group -
Set Account Expiration Following Inactivity
To specify the number of days after a password expires (which signifies inactivity) until an account is permanently disabled, add or correct the following line in <code>/etc/default/useradd</code>:...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules