DISA STIG for Oracle Linux 8
Rules and Groups employed by this XCCDF Profile
-
Configure immutable Audit login UIDs
Configure kernel to prevent modification of login UIDs once they are set. Changing login UIDs while this configuration is enforced requires special...Rule Medium Severity -
GRUB2 bootloader configuration
During the boot process, the boot loader is responsible for starting the execution of the kernel and passing options to it. The boot loader allows ...Group -
System Must Avoid Meltdown and Spectre Exploit Vulnerabilities in Modern Processors
Verify that Meltdown mitigations are not disabled:$ sudo grubby --info=ALL | grep mitigations
The mitigations must not be set to "off".Rule Medium Severity -
Enable Kernel Page-Table Isolation (KPTI)
To enable Kernel page-table isolation, add the argument <code>pti=on</code> to the default GRUB 2 command line for the Linux operating system. To e...Rule Low Severity -
Disable vsyscalls
To disable use of virtual syscalls, add the argument <code>vsyscall=none</code> to the default GRUB 2 command line for the Linux operating system. ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules