Skip to content

Protection Profile for General Purpose Operating Systems

Rules and Groups employed by this XCCDF Profile

  • Ensure /var Located On Separate Partition

    The <code>/var</code> directory is used by daemons and other system services to store frequently-changing data. Ensure that <code>/var</code> has i...
    Rule Low Severity
  • Ensure /var/log Located On Separate Partition

    System logs are stored in the <code>/var/log</code> directory. Ensure that <code>/var/log</code> has its own partition or logical volume at instal...
    Rule Low Severity
  • Ensure /var/log/audit Located On Separate Partition

    Audit logs are stored in the <code>/var/log/audit</code> directory. Ensure that <code>/var/log/audit</code> has its own partition or logical volum...
    Rule Low Severity
  • Ensure /var/tmp Located On Separate Partition

    The <code>/var/tmp</code> directory is a world-writable directory used for temporary file storage. Ensure it has its own partition or logical volum...
    Rule Medium Severity
  • Sudo

    <code>Sudo</code>, which stands for "su 'do'", provides the ability to delegate authority to certain users, groups of users, or system administrato...
    Group
  • Install sudo Package

    The sudo package can be installed with the following command:
    $ sudo yum install sudo
    Rule Medium Severity
  • System Tooling / Utilities

    The following checks evaluate the system for recommended base packages -- both for installation and removal.
    Group
  • Install dnf-plugin-subscription-manager Package

    The <code>dnf-plugin-subscription-manager</code> package can be installed with the following command: <pre> $ sudo yum install dnf-plugin-subscript...
    Rule Medium Severity
  • Ensure gnutls-utils is installed

    The gnutls-utils package can be installed with the following command:
    $ sudo yum install gnutls-utils
    Rule Medium Severity
  • Install openscap-scanner Package

    The openscap-scanner package can be installed with the following command:
    $ sudo yum install openscap-scanner
    Rule Medium Severity
  • Install scap-security-guide Package

    The scap-security-guide package can be installed with the following command:
    $ sudo yum install scap-security-guide
    Rule Medium Severity
  • Install subscription-manager Package

    The subscription-manager package can be installed with the following command:
    $ sudo yum install subscription-manager
    Rule Medium Severity
  • Uninstall abrt-addon-ccpp Package

    The abrt-addon-ccpp package can be removed with the following command:
    $ sudo yum erase abrt-addon-ccpp
    Rule Low Severity
  • Uninstall abrt-addon-kerneloops Package

    The abrt-addon-kerneloops package can be removed with the following command:
    $ sudo yum erase abrt-addon-kerneloops
    Rule Low Severity
  • Uninstall abrt-cli Package

    The abrt-cli package can be removed with the following command:
    $ sudo yum erase abrt-cli
    Rule Low Severity
  • Uninstall abrt-plugin-sosreport Package

    The abrt-plugin-sosreport package can be removed with the following command:
    $ sudo yum erase abrt-plugin-sosreport
    Rule Low Severity
  • Uninstall gssproxy Package

    The gssproxy package can be removed with the following command:
    $ sudo yum erase gssproxy
    Rule Medium Severity
  • Uninstall iprutils Package

    The iprutils package can be removed with the following command:
    $ sudo yum erase iprutils
    Rule Medium Severity
  • Uninstall krb5-workstation Package

    The krb5-workstation package can be removed with the following command:
    $ sudo yum erase krb5-workstation
    Rule Medium Severity
  • Uninstall libreport-plugin-logger Package

    The libreport-plugin-logger package can be removed with the following command:
    $ sudo yum erase libreport-plugin-logger
    Rule Low Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules