Skip to content
Log In

DISA STIG with GUI for Oracle Linux 7

Rules and Groups employed by this XCCDF Profile

  • Uninstall tftp-server Package

    The tftp-server package can be removed with the following command: 
     $ sudo yum erase tftp-server
    Rule High Severity
    Show

  • Ensure tftp Daemon Uses Secure Mode

    If running the Trivial File Transfer Protocol (TFTP) service is necessary, it should be configured to change its root directory at startup. To do so, ensure <code>/etc/xinetd.d/tftp</code> includes...
    Rule Medium Severity
    Show

  • SNMP Server

    The Simple Network Management Protocol allows administrators to monitor the state of network devices, including computers. Older versions of SNMP were well-known for weak security, such as plaintex...
    Group
    Show

  • Configure SNMP Server if Necessary

    If it is necessary to run the snmpd agent on the system, some best practices should be followed to minimize the security risk from the installation. The multiple security models implemented by SNMP...
    Group
    Show

  • Ensure Default SNMP Password Is Not Used

    Edit <code>/etc/snmp/snmpd.conf</code>, remove or change the default community strings of <code>public</code> and <code>private</code>. This profile configures new read-only community string to <co...
    Rule High Severity
    Show

  • SSH Server

    The SSH protocol is recommended for remote login and remote file transfer. SSH provides confidentiality and integrity for data exchanged between two systems, as well as server authentication, throu...
    Group
    Show

  • Install the OpenSSH Server Package

    The openssh-server package should be installed. The openssh-server package can be installed with the following command: 
    $ sudo yum install openssh-server
    Rule Medium Severity
    Show

  • Enable the OpenSSH Service

    The SSH server service, sshd, is commonly needed. The sshd service can be enabled with the following command: 
    $ sudo systemctl enable sshd.service
    Rule Medium Severity
    Show

  • Verify Permissions on SSH Server Private *_key Key Files

    SSH server private keys - files that match the <code>/etc/ssh/*_key</code> glob, have to have restricted permissions. If those files are owned by the <code>root</code> user and the <code>root</code...
    Rule Medium Severity
    Show

  • Verify Permissions on SSH Server Public *.pub Key Files

    To properly set the permissions of /etc/ssh/*.pub, run the command: 
    $ sudo chmod 0644 /etc/ssh/*.pub
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules