DRAFT - ANSSI-BP-028 (enhanced)
Rules and Groups employed by this XCCDF Profile
-
Verify /boot/grub2/user.cfg Group Ownership
The file <code>/boot/grub2/user.cfg</code> should be group-owned by the <code>root</code> group to prevent reading or modification of the file. To properly set the group owner of <code>/boot/grub2...Rule Medium Severity -
Verify the UEFI Boot Loader grub.cfg User Ownership
The file <code>/boot/grub2/grub.cfg</code> should be owned by the <code>root</code> user to prevent destruction or modification of the file. To properly set the owner of <code>/boot/grub2/grub.cfg...Rule Medium Severity -
Verify /boot/grub2/user.cfg User Ownership
The file <code>/boot/grub2/user.cfg</code> should be owned by the <code>root</code> user to prevent reading or modification of the file. To properly set the owner of <code>/boot/grub2/user.cfg</co...Rule Medium Severity -
Verify the UEFI Boot Loader grub.cfg Permissions
File permissions for <code>/boot/grub2/grub.cfg</code> should be set to 700. To properly set the permissions of <code>/boot/grub2/grub.cfg</code>, run the command: <pre>$ sudo chmod 700 /boot/grub...Rule Medium Severity -
Verify /boot/grub2/user.cfg Permissions
File permissions for <code>/boot/grub2/user.cfg</code> should be set to 600. To properly set the permissions of <code>/boot/grub2/user.cfg</code>, run the command: <pre>$ sudo chmod 600 /boot/grub...Rule Medium Severity -
Verify Group Who Owns /etc/ipsec.d Directory
To properly set the group owner of/etc/ipsec.d, run the command:$ sudo chgrp root /etc/ipsec.d
Rule Medium Severity -
Verify User Who Owns /etc/ipsec.d Directory
To properly set the owner of/etc/ipsec.d, run the command:$ sudo chown root /etc/ipsec.d
Rule Medium Severity -
Verify Permissions On /etc/ipsec.d Directory
To properly set the permissions of/etc/ipsec.d, run the command:$ sudo chmod 0700 /etc/ipsec.d
Rule Medium Severity -
Verify Group Who Owns /etc/ipsec.conf File
To properly set the group owner of/etc/ipsec.conf, run the command:$ sudo chgrp root /etc/ipsec.conf
Rule Medium Severity -
Verify Group Who Owns /etc/ipsec.secrets File
To properly set the group owner of/etc/ipsec.secrets, run the command:$ sudo chgrp root /etc/ipsec.secrets
Rule Medium Severity -
Verify User Who Owns /etc/ipsec.conf File
To properly set the owner of/etc/ipsec.conf, run the command:$ sudo chown root /etc/ipsec.conf
Rule Medium Severity -
Verify User Who Owns /etc/ipsec.secrets File
To properly set the owner of/etc/ipsec.secrets, run the command:$ sudo chown root /etc/ipsec.secrets
Rule Medium Severity -
Verify Permissions On /etc/ipsec.conf File
To properly set the permissions of/etc/ipsec.conf, run the command:$ sudo chmod 0644 /etc/ipsec.conf
Rule Medium Severity -
Verify Permissions On /etc/ipsec.secrets File
To properly set the permissions of/etc/ipsec.secrets, run the command:$ sudo chmod 0644 /etc/ipsec.secrets
Rule Medium Severity -
Verify Group Who Owns /etc/iptables Directory
To properly set the group owner of/etc/iptables, run the command:$ sudo chgrp root /etc/iptables
Rule Medium Severity -
Verify User Who Owns /etc/iptables Directory
To properly set the owner of/etc/iptables, run the command:$ sudo chown root /etc/iptables
Rule Medium Severity -
Verify Permissions On /etc/iptables Directory
To properly set the permissions of/etc/iptables, run the command:$ sudo chmod 0700 /etc/iptables
Rule Medium Severity -
Verify Group Who Owns /etc/nftables Directory
To properly set the group owner of/etc/nftables, run the command:$ sudo chgrp root /etc/nftables
Rule Medium Severity -
Verify User Who Owns /etc/nftables Directory
To properly set the owner of/etc/nftables, run the command:$ sudo chown root /etc/nftables
Rule Medium Severity -
Verify Permissions On /etc/nftables Directory
To properly set the permissions of/etc/nftables, run the command:$ sudo chmod 0700 /etc/nftables
Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.