DRAFT - Protection Profile for General Purpose Operating Systems
Rules and Groups employed by this XCCDF Profile
-
GRUB2 bootloader configuration
During the boot process, the boot loader is responsible for starting the execution of the kernel and passing options to it. The boot loader allows for the selection of different kernels - possibly ...Group -
Disable Recovery Booting
Oracle Linux 9 systems support an "recovery boot" option that can be used to prevent services from being started. The <code>GRUB_DISABLE_RECOVERY</code> configuration option in <code>/etc/default/g...Rule Medium Severity -
Configure kernel to zero out memory before allocation
To configure the kernel to zero out memory before allocating it, add the <code>init_on_alloc=1</code> argument to the default GRUB 2 command line. To ensure that <code>init_on_alloc=1</code> is add...Rule Medium Severity -
Enable randomization of the page allocator
To enable randomization of the page allocator in the kernel, add the <code>page_alloc.shuffle=1</code> argument to the default GRUB 2 command line. To ensure that <code>page_alloc.shuffle=1</code> ...Rule Medium Severity -
Ensure debug-shell service is not enabled during boot
systemd's <code>debug-shell</code> service is intended to diagnose systemd related boot issues with various <code>systemctl</code> commands. Once enabled and following a system reboot, the root she...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules