DRAFT - DISA STIG with GUI for Oracle Linux 9
Rules and Groups employed by this XCCDF Profile
-
Ensure that Users Have Sensible Umask Values
The umask setting controls the default permissions for the creation of new files. With a default <code>umask</code> setting of 077, files and direc...Group -
Ensure the Default Bash Umask is Set Correctly
To ensure the default umask for users of the Bash shell is set properly, add or correct the <code>umask</code> setting in <code>/etc/bashrc</code> ...Rule Medium Severity -
Ensure the Default C Shell Umask is Set Correctly
To ensure the default umask for users of the C shell is set properly, add or correct the <code>umask</code> setting in <code>/etc/csh.cshrc</code> ...Rule Medium Severity -
Ensure the Default Umask is Set Correctly in login.defs
To ensure the default umask controlled by <code>/etc/login.defs</code> is set properly, add or correct the <code>UMASK</code> setting in <code>/etc...Rule Medium Severity -
Ensure the Default Umask is Set Correctly in /etc/profile
To ensure the default umask controlled by <code>/etc/profile</code> is set properly, add or correct the <code>umask</code> setting in <code>/etc/pr...Rule Medium Severity -
Ensure the Default Umask is Set Correctly For Interactive Users
Remove theUMASK
environment variable from all interactive users initialization files.Rule Medium Severity -
System Accounting with auditd
The audit service provides substantial capabilities for recording system activities. By default, the service audits about SELinux AVC denials and c...Group -
Install audispd-plugins Package
Theaudispd-plugins
package can be installed with the following command:$ sudo yum install audispd-plugins
Rule Medium Severity -
Ensure the audit Subsystem is Installed
The audit package should be installed.Rule Medium Severity -
Enable auditd Service
The <code>auditd</code> service is an essential userspace component of the Linux Auditing System, as it is responsible for writing audit records to...Rule Medium Severity -
Enable Auditing for Processes Which Start Prior to the Audit Daemon
To ensure all processes can be audited, even those which start prior to the audit daemon, add the argument <code>audit=1</code> to the default GRUB...Rule Low Severity -
Extend Audit Backlog Limit for the Audit Daemon
To improve the kernel capacity to queue all log events, even those which occurred prior to the audit daemon, add the argument <code>audit_backlog_l...Rule Low Severity -
Configure auditd Rules for Comprehensive Auditing
The <code>auditd</code> program can perform comprehensive monitoring of system activity. This section describes recommended configuration settings ...Group -
Make the auditd Configuration Immutable
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...Rule Medium Severity -
Ensure auditd Collects Information on Exporting to Media (successful)
At a minimum, the audit system should collect media exportation events for all users and root. If the <code>auditd</code> daemon is configured to u...Rule Medium Severity -
Ensure auditd Collects System Administrator Actions - /etc/sudoers
At a minimum, the audit system should collect administrator actions for all users and root. If the <code>auditd</code> daemon is configured to use ...Rule Medium Severity -
Ensure auditd Collects System Administrator Actions - /etc/sudoers.d/
At a minimum, the audit system should collect administrator actions for all users and root. If the <code>auditd</code> daemon is configured to use ...Rule Medium Severity -
Record Events When Privileged Executables Are Run
Verify the system generates an audit record when privileged functions are executed. If audit is using the "auditctl" tool to load the rules, run t...Rule Medium Severity -
Shutdown System When Auditing Failures Occur
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...Rule Medium Severity -
Record Events that Modify User/Group Information - /etc/group
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.