Profile for ANSSI DAT-NT28 Minimal Level
Rules and Groups employed by this XCCDF Profile
-
System Settings
Contains rules that check correct system settings.Group -
Installing and Maintaining Software
The following sections contain information on security-relevant choices during the initial operating system installation process and the setup of s...Group -
Sudo
<code>Sudo</code>, which stands for "su 'do'", provides the ability to delegate authority to certain users, groups of users, or system administrato...Group -
Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate
The sudo <code>!authenticate</code> option, when specified, allows a user to execute commands using sudo without having to authenticate. This shoul...Rule Medium Severity -
Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD
The sudo <code>NOPASSWD</code> tag, when specified, allows a user to execute commands using sudo without having to authenticate. This should be dis...Rule Medium Severity -
File Permissions and Masks
Traditional Unix security relies heavily on file and directory permissions to prevent unauthorized users from reading or modifying files to which t...Group -
Verify Permissions on Important Files and Directories
Permissions for many files on a system must be set restrictively to ensure sensitive information is properly protected. This section discusses impo...Group -
Verify Permissions on Files with Local Account Information and Credentials
The default restrictive permissions for files which act as important security databases such as <code>passwd</code>, <code>shadow</code>, <code>gro...Group -
Verify Group Who Owns group File
To properly set the group owner of/etc/group, run the command:$ sudo chgrp root /etc/group
Rule Medium Severity -
Verify Group Who Owns gshadow File
To properly set the group owner of/etc/gshadow, run the command:$ sudo chgrp shadow /etc/gshadow
Rule Medium Severity -
Verify Group Who Owns passwd File
To properly set the group owner of/etc/passwd, run the command:$ sudo chgrp root /etc/passwd
Rule Medium Severity -
Verify Group Who Owns shadow File
To properly set the group owner of/etc/shadow, run the command:$ sudo chgrp shadow /etc/shadow
Rule Medium Severity -
Verify User Who Owns group File
To properly set the owner of/etc/group, run the command:$ sudo chown root /etc/group
Rule Medium Severity -
Verify User Who Owns gshadow File
To properly set the owner of/etc/gshadow, run the command:$ sudo chown root /etc/gshadow
Rule Medium Severity -
Verify User Who Owns passwd File
To properly set the owner of/etc/passwd, run the command:$ sudo chown root /etc/passwd
Rule Medium Severity -
Verify User Who Owns shadow File
To properly set the owner of/etc/shadow, run the command:$ sudo chown root /etc/shadow
Rule Medium Severity -
Verify Permissions on group File
To properly set the permissions of/etc/group, run the command:$ sudo chmod 0644 /etc/group
Rule Medium Severity -
Verify Permissions on gshadow File
To properly set the permissions of/etc/gshadow, run the command:$ sudo chmod 0640 /etc/gshadow
Rule Medium Severity -
Verify Permissions on passwd File
To properly set the permissions of/etc/passwd, run the command:$ sudo chmod 0644 /etc/passwd
Rule Medium Severity -
Verify Permissions on shadow File
To properly set the permissions of/etc/shadow, run the command:$ sudo chmod 0640 /etc/shadow
Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.