Skip to content

Australian Cyber Security Centre (ACSC) Essential Eight

Rules and Groups employed by this XCCDF Profile

  • Ensure gpgcheck Enabled for Local Packages

    <code>yum</code> should be configured to verify the signature(s) of local packages prior to installation. To configure <code>yum</code> to verify s...
    Rule High Severity
  • Ensure gpgcheck Enabled for All yum Package Repositories

    To ensure signature checking is not disabled for any repos, remove any lines from files in <code>/etc/yum.repos.d</code> of the form: <pre>gpgcheck...
    Rule High Severity
  • Ensure Oracle Linux GPG Key Installed

    To ensure the system can cryptographically verify base software packages come from Oracle (and to connect to the Unbreakable Linux Network to recei...
    Rule High Severity
  • Ensure Software Patches Installed

    If the system is joined to the ULN or a yum server, run the following command to install updates: <pre>$ sudo yum update</pre> If the system is no...
    Rule Medium Severity
  • Account and Access Control

    In traditional Unix security, if an attacker gains shell access to a certain login account, they can perform any action or access any file to which...
    Group
  • Enable authselect

    Configure user authentication setup to use the <code>authselect</code> tool. If authselect profile is selected, the rule will enable the <xccdf-1.2...
    Rule Medium Severity
  • Protect Accounts by Restricting Password-Based Login

    Conventionally, Unix shell accounts are accessed by providing a username and password to a login program, which tests these values for correctness ...
    Group
  • Verify Proper Storage and Existence of Password Hashes

    By default, password hashes for local accounts are stored in the second field (colon-separated) in <code>/etc/shadow</code>. This file should be re...
    Group
  • Prevent Login to Accounts With Empty Password

    If an account is configured for password authentication but does not have an assigned password, it may be possible to log into the account without ...
    Rule High Severity
  • Restrict Root Logins

    Direct root logins should be allowed only for emergency use. In normal situations, the administrator should access the system via a unique unprivil...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules