Skip to content

III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • Login services for serial ports must be disabled.

    &lt;VulnDiscussion&gt;Login services should not be enabled on any serial ports that are not strictly required to support the mission of the system....
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • Access to a domain console via telnet must be restricted to the local host.

    &lt;VulnDiscussion&gt;Telnet is an insecure protocol.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • Access to a logical domain console must be restricted to authorized users.

    &lt;VulnDiscussion&gt;A logical domain is a discrete, logical grouping with its own operating system, resources, and identity within a single compu...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • The nobody access for RPC encryption key storage service must be disabled.

    &lt;VulnDiscussion&gt;If login by the user "nobody" is allowed for secure RPC, there is an increased risk of system compromise. If keyserv holds a ...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • X11 forwarding for SSH must be disabled.

    &lt;VulnDiscussion&gt;As enabling X11 Forwarding on the host can permit a malicious user to secretly open another X11 connection to another remote ...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • Consecutive login attempts for SSH must be limited to 3.

    &lt;VulnDiscussion&gt;Setting the authentication login limit to a low value will disconnect the attacker and force a reconnect, which severely limi...
    Rule Low Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • The rhost-based authentication for SSH must be disabled.

    &lt;VulnDiscussion&gt;Setting this parameter forces users to enter a password when authenticating with SSH.&lt;/VulnDiscussion&gt;&lt;FalsePositive...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • Direct root account login must not be permitted for SSH access.

    &lt;VulnDiscussion&gt;The system should not allow users to log in as the root user directly, as audited actions would be non-attributable to a spec...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • Login must not be permitted with empty/null passwords for SSH.

    &lt;VulnDiscussion&gt;Permitting login without a password is inherently risky.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&...
    Rule High Severity
  • SRG-OS-000163

    <GroupDescription></GroupDescription>
    Group
  • The operating system must terminate the network connection associated with a communications session at the end of the session or after 10 minutes of inactivity.

    &lt;VulnDiscussion&gt;This requirement applies to both internal and external networks. Terminating network connections associated with communicat...
    Rule Low Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules