DISA STIG for Red Hat Enterprise Linux CoreOS
Rules and Groups employed by this XCCDF Profile
-
Enable page allocator poisoning
To enable poisoning of free pages, add the argument <code>page_poison=1</code> to all BLS (Boot Loader Specification) entries ('options' line) for the Linux operating system in <code>/boot/loader/e...Rule Medium Severity -
Enable SLUB/SLAB allocator poisoning
To enable poisoning of SLUB/SLAB objects, add the argument <code>slub_debug=P</code> to all BLS (Boot Loader Specification) entries ('options' line) for the Linux operating system in <code>/boot/lo...Rule Medium Severity -
SELinux
SELinux is a feature of the Linux kernel which can be used to guard against misconfigured or compromised programs. SELinux enforces the idea that programs should be limited in what files they can a...Group -
Ensure SELinux Not Disabled in the kernel arguments
SELinux can be disabled at boot time by disabling it via a kernel argument. Remove any instances of <code>selinux=0</code> from the kernel arguments in that file to prevent SELinux from being disab...Rule Medium Severity -
Configure SELinux Policy
The SELinux <code>targeted</code> policy is appropriate for general-purpose desktops and servers, as well as systems in many other roles. To configure the system to use this policy, add or correct ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules