DISA STIG for Oracle Linux 8
Rules and Groups employed by this XCCDF Profile
-
Uninstall tftp-server Package
Thetftp-serverpackage can be removed with the following command:$ sudo yum erase tftp-server
Rule High Severity -
Ensure tftp Daemon Uses Secure Mode
If running the Trivial File Transfer Protocol (TFTP) service is necessary, it should be configured to change its root directory at startup. To do s...Rule Medium Severity -
Hardware RNG Entropy Gatherer Daemon
The rngd feeds random data from hardware device to kernel random device.Group -
Enable the Hardware RNG Entropy Gatherer Service
The Hardware RNG Entropy Gatherer service should be enabled. The <code>rngd</code> service can be enabled with the following command: <pre>$ sudo ...Rule Low Severity -
SSH Server
The SSH protocol is recommended for remote login and remote file transfer. SSH provides confidentiality and integrity for data exchanged between tw...Group -
Install the OpenSSH Server Package
The <code>openssh-server</code> package should be installed. The <code>openssh-server</code> package can be installed with the following command: <...Rule Medium Severity -
Enable the OpenSSH Service
The SSH server service, sshd, is commonly needed. The <code>sshd</code> service can be enabled with the following command: <pre>$ sudo systemctl e...Rule Medium Severity -
Verify Permissions on SSH Server Private *_key Key Files
SSH server private keys - files that match the <code>/etc/ssh/*_key</code> glob, have to have restricted permissions. If those files are owned by t...Rule Medium Severity -
Verify Permissions on SSH Server Public *.pub Key Files
To properly set the permissions of/etc/ssh/*.pub, run the command:$ sudo chmod 0644 /etc/ssh/*.pub
Rule Medium Severity -
OpenSSH Service Must Use Passcode for Their Private Keys
Verify the SSH private key files have a passcode. For each private key stored on the system, use the following command: <pre>$ sudo ssh-keygen -y ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules