Skip to content

Health Insurance Portability and Accountability Act (HIPAA)

Rules and Groups employed by this XCCDF Profile

  • Obsolete Services

    This section discusses a number of network-visible services which have historically caused problems for system security, and for which disabling or...
    Group
  • Xinetd

    The <code>xinetd</code> service acts as a dedicated listener for some network services (mostly, obsolete ones) and can be used to provide access co...
    Group
  • Uninstall xinetd Package

    The xinetd package can be removed with the following command:
    $ sudo zypper remove xinetd
    Rule Low Severity
  • Disable xinetd Service

    The xinetd service can be disabled with the following command:
    $ sudo systemctl mask --now xinetd.service
    Rule Medium Severity
  • Rlogin, Rsh, and Rexec

    The Berkeley r-commands are legacy services which allow cleartext remote access and have an insecure trust model.
    Group
  • Uninstall rsh-server Package

    The rsh-server package can be removed with the following command:
    $ sudo zypper remove rsh-server
    Rule High Severity
  • Disable rexec Service

    The <code>rexec</code> service, which is available with the <code>rsh-server</code> package and runs as a service through xinetd or separately as a...
    Rule High Severity
  • Disable rlogin Service

    The <code>rlogin</code> service, which is available with the <code>rsh-server</code> package and runs as a service through xinetd or separately as ...
    Rule High Severity
  • Remove Rsh Trust Files

    The files <code>/etc/hosts.equiv</code> and <code>~/.rhosts</code> (in each user's home directory) list remote hosts and users that are trusted by ...
    Rule High Severity
  • Chat/Messaging Services

    The talk software makes it possible for users to send and receive messages across systems through a terminal session.
    Group
  • Uninstall talk-server Package

    The talk-server package can be removed with the following command:
     $ sudo zypper remove talk-server
    Rule Medium Severity
  • Uninstall talk Package

    The <code>talk</code> package contains the client program for the Internet talk protocol, which allows the user to chat with other users on differe...
    Rule Medium Severity
  • Telnet

    The telnet protocol does not provide confidentiality or integrity for information transmitted on the network. This includes authentication informat...
    Group
  • Uninstall telnet-server Package

    The telnet-server package can be removed with the following command:
    $ sudo zypper remove telnet-server
    Rule High Severity
  • Remove telnet Clients

    The telnet client allows users to start connections to other systems via the telnet protocol.
    Rule Low Severity
  • Disable telnet Service

    Make sure that the activation of the <code>telnet</code> service on system boot is disabled. The <code>telnet</code> socket can be disabled with t...
    Rule High Severity
  • Network Routing

    A router is a very desirable target for a potential adversary because they fulfill a variety of infrastructure networking roles such as access to ...
    Group
  • Disable Quagga if Possible

    If Quagga was installed and activated, but the system does not need to act as a router, then it should be disabled and removed.
    Group
  • Disable Quagga Service

    The zebra service can be disabled with the following command:
    $ sudo systemctl mask --now zebra.service
    Rule Medium Severity
  • SSH Server

    The SSH protocol is recommended for remote login and remote file transfer. SSH provides confidentiality and integrity for data exchanged between tw...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules