Skip to content
Log In

ANSSI-BP-028 (high)

Rules and Groups employed by this XCCDF Profile

  • Set Root Account Password Maximum Age

    Configure the root account to enforce a <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_accounts_maximum_age_root" use="legacy"></xccdf-1.2:sub>-day maximum password lifetime restricti...
    Rule Medium Severity
    Show

  • Ensure AppArmor is installed

    AppArmor provide Mandatory Access Controls.
    Rule Medium Severity
    Show

  • Ensure AppArmor is enabled in the bootloader configuration

    Configure AppArmor to be enabled at boot time and verify that it has not been overwritten by the bootloader boot parameters. Note: This recommendation is designed around the grub bootloader, if LI...
    Rule Medium Severity
    Show

  • Verify /boot/grub2/user.cfg Group Ownership

    The file <code>/boot/grub2/user.cfg</code> should be group-owned by the <code>root</code> group to prevent reading or modification of the file. To properly set the group owner of <code>/boot/grub2...
    Rule Medium Severity
    Show

  • Verify /boot/grub2/user.cfg User Ownership

    The file <code>/boot/grub2/user.cfg</code> should be owned by the <code>root</code> user to prevent reading or modification of the file. To properly set the owner of <code>/boot/grub2/user.cfg</co...
    Rule Medium Severity
    Show

  • Verify /boot/grub2/user.cfg Permissions

    File permissions for <code>/boot/grub2/user.cfg</code> should be set to 600. To properly set the permissions of <code>/boot/grub2/user.cfg</code>, run the command: <pre>$ sudo chmod 600 /boot/grub...
    Rule Medium Severity
    Show

  • Verify the UEFI Boot Loader grub.cfg Group Ownership

    The file <code>/boot/efi/EFI/sles/grub.cfg</code> should be group-owned by the <code>root</code> group to prevent destruction or modification of the file. To properly set the group owner of <code>...
    Rule Medium Severity
    Show

  • Verify /boot/efi/EFI/sles/user.cfg Group Ownership

    The file <code>/boot/efi/EFI/sles/user.cfg</code> should be group-owned by the <code>root</code> group to prevent reading or modification of the file. To properly set the group owner of <code>/boo...
    Rule Medium Severity
    Show

  • Verify the UEFI Boot Loader grub.cfg User Ownership

    The file <code>/boot/efi/EFI/sles/grub.cfg</code> should be owned by the <code>root</code> user to prevent destruction or modification of the file. To properly set the owner of <code>/boot/efi/EFI...
    Rule Medium Severity
    Show

  • Verify /boot/efi/EFI/sles/user.cfg User Ownership

    The file <code>/boot/efi/EFI/sles/user.cfg</code> should be owned by the <code>root</code> user to prevent reading or modification of the file. To properly set the owner of <code>/boot/efi/EFI/sle...
    Rule Medium Severity
    Show

  • Verify the UEFI Boot Loader grub.cfg Permissions

    File permissions for <code>/boot/efi/EFI/sles/grub.cfg</code> should be set to 700. To properly set the permissions of <code>/boot/efi/EFI/sles/grub.cfg</code>, run the command: <pre>$ sudo chmod ...
    Rule Medium Severity
    Show

  • Verify /boot/efi/EFI/sles/user.cfg Permissions

    File permissions for <code>/boot/efi/EFI/sles/user.cfg</code> should be set to 600. To properly set the permissions of <code>/boot/efi/EFI/sles/user.cfg</code>, run the command: <pre>$ sudo chmod ...
    Rule Medium Severity
    Show

  • Verify Group Who Owns /etc/ipsec.d Directory

    To properly set the group owner of /etc/ipsec.d, run the command: 
    $ sudo chgrp root /etc/ipsec.d
    Rule Medium Severity
    Show

  • Verify User Who Owns /etc/ipsec.d Directory

    To properly set the owner of /etc/ipsec.d, run the command: 
    $ sudo chown root /etc/ipsec.d
    Rule Medium Severity
    Show

  • Verify Permissions On /etc/ipsec.d Directory

    To properly set the permissions of /etc/ipsec.d, run the command: 
    $ sudo chmod 0700 /etc/ipsec.d
    Rule Medium Severity
    Show

  • Verify Group Who Owns /etc/ipsec.conf File

    To properly set the group owner of /etc/ipsec.conf, run the command: 
    $ sudo chgrp root /etc/ipsec.conf
    Rule Medium Severity
    Show

  • Verify Group Who Owns /etc/ipsec.secrets File

    To properly set the group owner of /etc/ipsec.secrets, run the command: 
    $ sudo chgrp root /etc/ipsec.secrets
    Rule Medium Severity
    Show

  • Verify User Who Owns /etc/ipsec.conf File

    To properly set the owner of /etc/ipsec.conf, run the command: 
    $ sudo chown root /etc/ipsec.conf
    Rule Medium Severity
    Show

  • Verify User Who Owns /etc/ipsec.secrets File

    To properly set the owner of /etc/ipsec.secrets, run the command: 
    $ sudo chown root /etc/ipsec.secrets
    Rule Medium Severity
    Show

  • Verify Permissions On /etc/ipsec.conf File

    To properly set the permissions of /etc/ipsec.conf, run the command: 
    $ sudo chmod 0644 /etc/ipsec.conf
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules