Australian Cyber Security Centre (ACSC) ISM Official
Rules and Groups employed by this XCCDF Profile
-
Disable snmpd Service
Thesnmpdservice can be disabled with the following command:$ sudo systemctl mask --now snmpd.service
Rule Low Severity -
Configure SNMP Server if Necessary
If it is necessary to run the snmpd agent on the system, some best practices should be followed to minimize the security risk from the installation. The multiple security models implemented by SNMP...Group -
Configure SNMP Service to Use Only SNMPv3 or Newer
Edit <code>/etc/snmp/snmpd.conf</code>, removing any references to <code>rocommunity</code>, <code>rwcommunity</code>, or <code>com2sec</code>. Upon doing that, restart the SNMP service: <pre>$ sud...Rule Medium Severity -
SSH Server
The SSH protocol is recommended for remote login and remote file transfer. SSH provides confidentiality and integrity for data exchanged between two systems, as well as server authentication, throu...Group -
Verify Permissions on SSH Server Private *_key Key Files
SSH server private keys - files that match the <code>/etc/ssh/*_key</code> glob, have to have restricted permissions. If those files are owned by the <code>root</code> user and the <code>root</code...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules