DRAFT - Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)
Rules and Groups employed by this XCCDF Profile
-
File Permissions and Masks
Traditional Unix security relies heavily on file and directory permissions to prevent unauthorized users from reading or modifying files to which they should not have access. <br> <br> Severa...Group -
Restrict Partition Mount Options
System partitions can be mounted with certain options that limit what files on those partitions can do. These options are set in the <code>/etc/fstab</code> configuration file, and can be used to m...Group -
Add nodev Option to /var/log/audit
The <code>nodev</code> mount option can be used to prevent device files from being created in <code>/var/log/audit</code>. Legitimate character and block devices should exist only in the <code>/dev...Rule Medium Severity -
Add noexec Option to /var/log/audit
The <code>noexec</code> mount option can be used to prevent binaries from being executed out of <code>/var/log/audit</code>. Add the <code>noexec</code> option to the fourth column of <code>/etc/fs...Rule Medium Severity -
Add nosuid Option to /var/log/audit
The <code>nosuid</code> mount option can be used to prevent execution of setuid programs in <code>/var/log/audit</code>. The SUID and SGID permissions should not be required in directories containi...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules