Skip to content

No profile (default benchmark)

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000016-WSR-000005

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the OraLogSeverity directive defined to generate adequate information to be used by external applications or entities to monitor and control remote access.

    &lt;VulnDiscussion&gt;Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Rem...
    Rule Medium Severity
  • SRG-APP-000016-WSR-000005

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the log rotation parameter set to allow generated information to be used by external applications or entities to monitor and control remote access.

    &lt;VulnDiscussion&gt;Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Rem...
    Rule Medium Severity
  • SRG-APP-000016-WSR-000005

    <GroupDescription></GroupDescription>
    Group
  • OHS must have a log format defined to generate adequate information to be used by external applications or entities to monitor and control remote access.

    &lt;VulnDiscussion&gt;Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Rem...
    Rule Medium Severity
  • SRG-APP-000016-WSR-000005

    <GroupDescription></GroupDescription>
    Group
  • OHS must have a SSL log format defined to allow generated information to be used by external applications or entities to monitor and control remote access in accordance with the categorization of data hosted by the web server.

    &lt;VulnDiscussion&gt;Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Rem...
    Rule Medium Severity
  • SRG-APP-000016-WSR-000005

    <GroupDescription></GroupDescription>
    Group
  • OHS must have a log file defined for each site/virtual host to capture information to be used by external applications or entities to monitor and control remote access.

    &lt;VulnDiscussion&gt;Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Rem...
    Rule Medium Severity
  • SRG-APP-000315-WSR-000003

    <GroupDescription></GroupDescription>
    Group
  • Remote access to OHS must follow access policy or work in conjunction with enterprise tools designed to enforce policy requirements.

    &lt;VulnDiscussion&gt;Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Rem...
    Rule Medium Severity
  • SRG-APP-000315-WSR-000004

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the Order, Allow, and Deny directives set within the Directory directives set to restrict inbound connections from nonsecure zones.

    &lt;VulnDiscussion&gt;Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Rem...
    Rule Medium Severity
  • SRG-APP-000315-WSR-000004

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the Order, Allow, and Deny directives set within the Files directives set to restrict inbound connections from nonsecure zones.

    &lt;VulnDiscussion&gt;Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Rem...
    Rule Medium Severity
  • SRG-APP-000315-WSR-000004

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the Order, Allow, and Deny directives set within the Location directives set to restrict inbound connections from nonsecure zones.

    &lt;VulnDiscussion&gt;Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Rem...
    Rule Medium Severity
  • SRG-APP-000316-WSR-000170

    <GroupDescription></GroupDescription>
    Group
  • OHS must provide the capability to immediately disconnect or disable remote access to the hosted applications.

    &lt;VulnDiscussion&gt;During an attack on the web server or any of the hosted applications, the system administrator may need to disconnect or disa...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules