Skip to content

ANSSI-BP-028 (high)

Rules and Groups employed by this XCCDF Profile

  • Disable kernel debugfs

    <code>debugfs</code> is a virtual file system that kernel developers use to put debugging files into. Enable this option to be able to read and wri...
    Rule Low Severity
  • Enable checks on linked list manipulation

    Enable this to turn on extended checks in the linked-list walking routines. The configuration that was used to build kernel is available at <code>...
    Rule Low Severity
  • Enable checks on notifier call chains

    Enable this to turn on sanity checking for notifier call chains. This is most useful for kernel developers to make sure that modules properly unreg...
    Rule Low Severity
  • Enable checks on scatter-gather (SG) table operations

    Scatter-gather tables are mechanism used for high performance I/O on DMA devices. Enable this to turn on checks on scatter-gather tables. The conf...
    Rule Low Severity
  • Warn on W+X mappings found at boot

    Generate a warning if any W+X mappings are found at boot. This configuration is available from kernel 5.8. The configuration that was used to buil...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules