Standard System Security Profile for Alibaba Cloud Linux 2
Rules and Groups employed by this XCCDF Profile
-
Services
The best protection against vulnerable software is running less software. This section describes how to review the software which Alibaba Cloud Lin...Group -
Base Services
This section addresses the base services that are installed on a Alibaba Cloud Linux 2 default installation which are not covered in other sections...Group -
Disable Automatic Bug Reporting Tool (abrtd)
The Automatic Bug Reporting Tool (<code>abrtd</code>) daemon collects and reports crash data when an application crash is detected. Using a variety...Rule Medium Severity -
Disable ntpdate Service (ntpdate)
The <code>ntpdate</code> service sets the local hardware clock by polling NTP servers when the system boots. It synchronizes to the NTP servers lis...Rule Low Severity -
Disable Odd Job Daemon (oddjobd)
The <code>oddjobd</code> service exists to provide an interface and access control mechanism through which specified privileged tasks can run tasks...Rule Medium Severity -
Disable Apache Qpid (qpidd)
The <code>qpidd</code> service provides high speed, secure, guaranteed delivery services. It is an implementation of the Advanced Message Queuing ...Rule Low Severity -
Disable Network Router Discovery Daemon (rdisc)
The <code>rdisc</code> service implements the client side of the ICMP Internet Router Discovery Protocol (IRDP), which allows discovery of routers ...Rule Medium Severity -
Cron and At Daemons
The cron and at services are used to allow commands to be executed at a later time. The cron service is required by almost all systems to perform n...Group -
Disable At Service (atd)
The <code>at</code> and <code>batch</code> commands can be used to schedule tasks that are meant to be executed only once. This allows delayed exec...Rule Medium Severity -
LDAP
LDAP is a popular directory service, that is, a standardized way of looking up information from a central database. Alibaba Cloud Linux 2 includes ...Group -
Configure OpenLDAP Clients
This section provides information on which security settings are important to configure in OpenLDAP clients by manually editing the appropriate con...Group -
Ensure LDAP client is not installed
The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from a central database. The <code>...Rule Low Severity -
Network Time Protocol
The Network Time Protocol is used to manage the system clock over a network. Computer clocks are not very accurate, so time will drift unpredictabl...Group -
Enable the NTP Daemon
Run the following command to determine the current status of the <code>chronyd</code> service: <pre>$ sudo systemctl is-active chronyd</pre> If t...Rule Medium Severity -
Specify a Remote NTP Server
Depending on specific functional requirements of a concrete production environment, the Alibaba Cloud Linux 2 system can be configured to utilize t...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules