III - Administrative Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000114-GPOS-00059
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system must disable the graphical user interface automounter unless required.
<VulnDiscussion>Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity. S...Rule Medium Severity -
SRG-OS-000373-GPOS-00156
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system must be configured so users must re-authenticate for privilege escalation.
<VulnDiscussion>Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When opera...Rule Medium Severity -
SRG-OS-000445-GPOS-00199
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system must enable the SELinux targeted policy.
<VulnDiscussion>Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system SSH daemon must prevent remote hosts from connecting to the proxy display.
<VulnDiscussion>When X11 forwarding is enabled, there may be additional exposure to the server and client displays if the sshd proxy display ...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system must restrict privilege elevation to authorized personnel.
<VulnDiscussion>The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their pa...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system must use the invoking user's password for privilege escalation when using "sudo".
<VulnDiscussion>The sudoers security policy requires that users authenticate themselves before they can use sudo. When sudoers requires authe...Rule Medium Severity -
SRG-OS-000373-GPOS-00156
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system must require re-authentication when using the "sudo" command.
<VulnDiscussion>Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When opera...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
<GroupDescription></GroupDescription>Group -
Oracle Linux operating systems version 7.2 or newer booted with a BIOS must have a unique name for the grub superusers account when booting into single-user and maintenance modes.
<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes ...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
<GroupDescription></GroupDescription>Group -
Oracle Linux operating systems version 7.2 or newer booted with United Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance.
<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes ...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
The Oracle Linux operating system must confine SELinux users to roles that conform to least privilege.
<VulnDiscussion>Preventing nonprivileged users from executing privileged functions mitigates the risk that unauthorized individuals or proces...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.