ANSSI-BP-028 (high)
Rules and Groups employed by this XCCDF Profile
-
System Security Services Daemon
The System Security Services Daemon (SSSD) is a system daemon that provides access to different identity and authentication providers such as Red Hat's IdM, Microsoft's AD, openLDAP, MIT Kerberos, ...Group -
System Security Services Daemon (SSSD) - LDAP
The System Security Services Daemon (SSSD) is a system daemon that provides access to different identity and authentication providers such as Red Hat's IdM, Microsoft's AD, openLDAP, MIT Kerberos, ...Group -
Record Attempts to perform maintenance activities
The Oracle Linux 9 operating system must generate audit records for privileged activities, nonlocal maintenance, diagnostic sessions and other system-level access. Verify the operating system audi...Rule Medium Severity -
Configure Microarchitectural Data Sampling mitigation
Microarchitectural Data Sampling (MDS) is a hardware vulnerability which allows unprivileged speculative access to data which is available in various CPU internal buffers. When performing store, l...Rule Medium Severity -
Enable Kernel Parameter to Enforce DAC on FIFOs
To set the runtime status of the <code>fs.protected_fifos</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w fs.protected_fifos=2</pre> To make sure that the setting is persi...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules