Skip to content

DRAFT - ANSSI-BP-028 (high)

Rules and Groups employed by this XCCDF Profile

  • Enable seccomp to safely compute untrusted bytecode

    This kernel feature is useful for number crunching applications that may need to compute untrusted bytecode during their execution. By using pipes ...
    Rule Medium Severity
  • Enable use of Berkeley Packet Filter with seccomp

    Enable tasks to build secure computing environments defined in terms of Berkeley Packet Filter programs which implement task-defined system call fi...
    Rule Medium Severity
  • Enable different security models

    This allows you to choose different security modules to be configured into your kernel. The configuration that was used to build kernel is availab...
    Rule Medium Severity
  • Restrict unprivileged access to the kernel syslog

    Enforce restrictions on unprivileged users reading the kernel syslog via dmesg(8). The configuration that was used to build kernel is available at...
    Rule Medium Severity
  • Disable mutable hooks

    Ensure kernel structures associated with LSMs are always mapped as read-only after system boot. The configuration that was used to build kernel is...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules