Skip to content

DRAFT - DISA STIG with GUI for Oracle Linux 9

Rules and Groups employed by this XCCDF Profile

  • Appropriate Action Must be Setup When the Internal Audit Event Queue is Full

    The audit system should have an action setup in the event the internal event queue becomes full. To setup an overflow action edit <code>/etc/audit/...
    Rule Medium Severity
  • Write Audit Logs to the Disk

    To configure Audit daemon to write Audit logs to the disk, set <code>write_logs</code> to <code>yes</code> in <code>/etc/audit/auditd.conf</code>. ...
    Rule Medium Severity
  • System Accounting with auditd

    The <code>auditd</code> program can perform comprehensive monitoring of system activity. This section makes use of recommended configuration settin...
    Group
  • Configure immutable Audit login UIDs

    Configure kernel to prevent modification of login UIDs once they are set. Changing login UIDs while this configuration is enforced requires special...
    Rule Medium Severity
  • GRUB2 bootloader configuration

    During the boot process, the boot loader is responsible for starting the execution of the kernel and passing options to it. The boot loader allows ...
    Group
  • Enable Kernel Page-Table Isolation (KPTI)

    To enable Kernel page-table isolation, add the argument <code>pti=on</code> to the default GRUB 2 command line for the Linux operating system. To e...
    Rule Low Severity
  • Disable vsyscalls

    To disable use of virtual syscalls, add the argument <code>vsyscall=none</code> to the default GRUB 2 command line for the Linux operating system. ...
    Rule Medium Severity
  • Non-UEFI GRUB2 bootloader configuration

    Non-UEFI GRUB2 bootloader configuration
    Group
  • Verify /boot/grub2/grub.cfg Group Ownership

    The file <code>/boot/grub2/grub.cfg</code> should be group-owned by the <code>root</code> group to prevent destruction or modification of the file....
    Rule Medium Severity
  • Set the Boot Loader Admin Username to a Non-Default Value

    The grub2 boot loader should have a superuser account and password protection enabled to protect boot-time settings. <br><br> To maximize the prote...
    Rule High Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules