Skip to content
Log In

DRAFT - DISA STIG for Oracle Linux 9

Rules and Groups employed by this XCCDF Profile

  • The Chronyd service is enabled

    chrony is a daemon which implements the Network Time Protocol (NTP) is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information o...
    Rule Medium Severity
    Show

  • Disable chrony daemon from acting as server

    The <code>port</code> option in <code>/etc/chrony.conf</code> can be set to <code>0</code> to make chrony daemon to never open any listening port for server operation and to operate strictly in a c...
    Rule Low Severity
    Show

  • Disable network management of chrony daemon

    The cmdport option in /etc/chrony.conf can be set to 0 to stop chrony daemon from listening on the UDP port 323 for management connections made by chronyc.
    Rule Low Severity
    Show

  • Configure Time Service Maxpoll Interval

    The <code>maxpoll</code> should be configured to <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_time_service_set_maxpoll" use="legacy"></xccdf-1.2:sub> in <code>/etc/ntp.conf</code> o...
    Rule Medium Severity
    Show

  • Ensure Chrony is only configured with the server directive

    Check that Chrony only has time sources configured with the server directive.
    Rule Medium Severity
    Show

  • Obsolete Services

    This section discusses a number of network-visible services which have historically caused problems for system security, and for which disabling or severely limiting the service has been the best a...
    Group
    Show

  • Rlogin, Rsh, and Rexec

    The Berkeley r-commands are legacy services which allow cleartext remote access and have an insecure trust model.
    Group
    Show

  • Uninstall rsh-server Package

    The rsh-server package can be removed with the following command: 
    $ sudo yum erase rsh-server
    Rule High Severity
    Show

  • Remove Host-Based Authentication Files

    The <code>shosts.equiv</code> file lists remote hosts and users that are trusted by the local system. To remove these files, run the following command to delete them from any location: <pre>$ sudo ...
    Rule High Severity
    Show

  • Remove User Host-Based Authentication Files

    The <code>~/.shosts</code> (in each user's home directory) files list remote hosts and users that are trusted by the local system. To remove these files, run the following command to delete them fr...
    Rule High Severity
    Show

  • Telnet

    The telnet protocol does not provide confidentiality or integrity for information transmitted on the network. This includes authentication information such as passwords. Organizations which use tel...
    Group
    Show

  • Uninstall telnet-server Package

    The telnet-server package can be removed with the following command: 
    $ sudo yum erase telnet-server
    Rule High Severity
    Show

  • TFTP Server

    TFTP is a lightweight version of the FTP protocol which has traditionally been used to configure networking equipment. However, TFTP provides little security, and modern versions of networking oper...
    Group
    Show

  • Uninstall tftp-server Package

    The tftp-server package can be removed with the following command: 
     $ sudo yum erase tftp-server
    Rule High Severity
    Show

  • Ensure tftp Daemon Uses Secure Mode

    If running the Trivial File Transfer Protocol (TFTP) service is necessary, it should be configured to change its root directory at startup. To do so, find the path for the <code>tftp</code> systemd...
    Rule Medium Severity
    Show

  • Network Routing

    A router is a very desirable target for a potential adversary because they fulfill a variety of infrastructure networking roles such as access to network segments, gateways to other networks, filt...
    Group
    Show

  • Disable Quagga if Possible

    If Quagga was installed and activated, but the system does not need to act as a router, then it should be disabled and removed.
    Group
    Show

  • Uninstall quagga Package

    The quagga package can be removed with the following command: 
     $ sudo yum erase quagga
    Rule Low Severity
    Show

  • SSH Server

    The SSH protocol is recommended for remote login and remote file transfer. SSH provides confidentiality and integrity for data exchanged between two systems, as well as server authentication, throu...
    Group
    Show

  • Install OpenSSH client software

    The openssh-clients package can be installed with the following command: 
    $ sudo yum install openssh-clients
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules