Australian Cyber Security Centre (ACSC) ISM Official
Rules and Groups employed by this XCCDF Profile
-
Account and Access Control
In traditional Unix security, if an attacker gains shell access to a certain login account, they can perform any action or access any file to which that account has access. Therefore, making it mor...Group -
Enable authselect
Configure user authentication setup to use the <code>authselect</code> tool. If authselect profile is selected, the rule will enable the <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var...Rule Medium Severity -
Protect Accounts by Configuring PAM
PAM, or Pluggable Authentication Modules, is a system which implements modular authentication for Linux programs. PAM provides a flexible and configurable architecture for authentication, and it sh...Group -
Set Lockouts for Failed Password Attempts
The <code>pam_faillock</code> PAM module provides the capability to lock out user accounts after a number of failed login attempts. Its documentation is available in <code>/usr/share/doc/pam-VERSIO...Group -
Lock Accounts After Failed Password Attempts
This rule configures the system to lock out accounts after a number of incorrect login attempts using <code>pam_faillock.so</code>. pam_faillock.so module requires multiple entries in pam files. Th...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules