Skip to content
Log In

Australian Cyber Security Centre (ACSC) ISM Official

Rules and Groups employed by this XCCDF Profile

  • Disable X11 Forwarding

    The X11Forwarding parameter provides the ability to tunnel X11 traffic through the connection to enable remote graphic connections. SSH has the capability to encrypt remote X11 connections when SSH...
    Rule Medium Severity
    Show

  • Do Not Allow SSH Environment Options

    Ensure that users are not able to override environment variables of the SSH daemon. <br> The default SSH configuration disables environment processing. The appropriate configuration is used if no v...
    Rule Medium Severity
    Show

  • Enable Use of Strict Mode Checking

    SSHs <code>StrictModes</code> option checks file and ownership permissions in the user's home directory <code>.ssh</code> folder before accepting login. If world- writable permissions are found, lo...
    Rule Medium Severity
    Show

  • Enable SSH Warning Banner

    To enable the warning banner and ensure it is consistent across the system, add or correct the following line in <code>/etc/ssh/sshd_config</code>: <pre>Banner /etc/issue</pre> Another section c...
    Rule Medium Severity
    Show

  • Enable SSH Print Last Log

    Ensure that SSH will display the date and time of the last successful account logon. <br> The default SSH configuration enables print of the date and time of the last login. The appropriate configu...
    Rule Medium Severity
    Show

  • Set LogLevel to INFO

    The INFO parameter specifices that record login and logout activity will be logged. <br> The default SSH configuration sets the log level to INFO. The appropriate configuration is used if no value ...
    Rule Low Severity
    Show

  • Set SSH authentication attempt limit

    The <code>MaxAuthTries</code> parameter specifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures ar...
    Rule Medium Severity
    Show

  • USBGuard daemon

    The USBGuard daemon enforces the USB device authorization policy for all USB devices.
    Group
    Show

  • Install usbguard Package

    The usbguard package can be installed with the following command: 
    $ sudo yum install usbguard
    Rule Medium Severity
    Show

  • Enable the USBGuard Service

    The USBGuard service should be enabled. The usbguard service can be enabled with the following command: 
    $ sudo systemctl enable usbguard.service
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules