Skip to content

DRAFT - DISA STIG with GUI for Oracle Linux 9

Rules and Groups employed by this XCCDF Profile

  • Install the pcsc-lite package

    The pcsc-lite package can be installed with the following command:
    $ sudo yum install pcsc-lite
    Rule Medium Severity
  • Install Smart Card Packages For Multifactor Authentication

    Configure the operating system to implement multifactor authentication by installing the required package with the following command: The <code>op...
    Rule Medium Severity
  • Enable the pcscd Service

    The pcscd service can be enabled with the following command:
    $ sudo systemctl enable pcscd.service
    Rule Medium Severity
  • Configure opensc Smart Card Drivers

    The OpenSC smart card tool can auto-detect smart card drivers; however, setting the smart card drivers in use by your organization helps to prevent...
    Rule Medium Severity
  • Protect Accounts by Restricting Password-Based Login

    Conventionally, Unix shell accounts are accessed by providing a username and password to a login program, which tests these values for correctness ...
    Group
  • Ensure All Accounts on the System Have Unique User IDs

    Change user IDs (UIDs), or delete accounts, so each has a unique name.
    Rule Medium Severity
  • Only Authorized Local User Accounts Exist on Operating System

    Enterprise Application tends to use the server or virtual machine exclusively. Besides the default operating system user, there should be only auth...
    Rule Medium Severity
  • Ensure All Groups on the System Have Unique Group ID

    Change the group name or delete groups, so each has a unique id.
    Rule Medium Severity
  • Set Account Expiration Parameters

    Accounts can be configured to be automatically disabled after a certain time period, meaning that they will require administrator interaction to be...
    Group
  • Set Account Expiration Following Inactivity

    To specify the number of days after a password expires (which signifies inactivity) until an account is permanently disabled, add or correct the fo...
    Rule Medium Severity
  • Assign Expiration Date to Emergency Accounts

    Emergency accounts are privileged accounts established in response to crisis situations where the need for rapid account activation is required. In...
    Rule Medium Severity
  • Assign Expiration Date to Temporary Accounts

    Temporary accounts are established as part of normal account activation procedures when there is a need for short-term accounts. In the event tempo...
    Rule Medium Severity
  • Set Password Expiration Parameters

    The file <code>/etc/login.defs</code> controls several password-related settings. Programs such as <code>passwd</code>, <code>su</code>, and <code>...
    Group
  • Set Password Maximum Age

    To specify password maximum age for new accounts, edit the file <code>/etc/login.defs</code> and add or correct the following line: <pre>PASS_MAX_D...
    Rule Medium Severity
  • Set Password Minimum Age

    To specify password minimum age for new accounts, edit the file <code>/etc/login.defs</code> and add or correct the following line: <pre>PASS_MIN_D...
    Rule Medium Severity
  • Set Existing Passwords Maximum Age

    Configure non-compliant accounts to enforce a <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs" use="le...
    Rule Medium Severity
  • Set Existing Passwords Minimum Age

    Configure non-compliant accounts to enforce a 24 hours/1 day minimum password lifetime by running the following command: <pre>$ sudo chage -m 1 <i>...
    Rule Medium Severity
  • Verify Proper Storage and Existence of Password Hashes

    By default, password hashes for local accounts are stored in the second field (colon-separated) in <code>/etc/shadow</code>. This file should be re...
    Group
  • Verify All Account Password Hashes are Shadowed with SHA512

    Verify the operating system requires the shadow password suite configuration be set to encrypt interactive user passwords using a strong cryptograp...
    Rule Medium Severity
  • Set number of Password Hashing Rounds - password-auth

    Configure the number or rounds for the password hashing algorithm. This can be accomplished by using the <code>rounds</code> option for the <code>p...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules