Skip to content

I - Mission Critical Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must be configured so the "/etc/skel" default scripts are protected from unauthorized modification.

    &lt;VulnDiscussion&gt;If the skeleton files are not protected, unauthorized personnel could change user startup parameters and possibly jeopardize ...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must be configured so the "/root" path is protected from unauthorized access.

    &lt;VulnDiscussion&gt;If the "/root" path is accessible to users other than root, unauthorized users could change the root partitions files.&lt;/Vu...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must be configured so that all global initialization scripts are protected from unauthorized modification.

    &lt;VulnDiscussion&gt;Local initialization files are used to configure the user's shell environment upon login. Malicious modification of these fil...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must be configured so that all system startup scripts are protected from unauthorized modification.

    &lt;VulnDiscussion&gt;If system startup scripts are accessible to unauthorized modification, this could compromise the system on startup.&lt;/VulnD...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must be configured so that all files have a valid owner and group owner.

    &lt;VulnDiscussion&gt;If files do not have valid user and group owners, unintended access to files could occur.&lt;/VulnDiscussion&gt;&lt;FalsePosi...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must be configured so the "/etc/cron.allow" file is protected from unauthorized modification.

    &lt;VulnDiscussion&gt;If cron files and folders are accessible to unauthorized users, malicious jobs may be created.&lt;/VulnDiscussion&gt;&lt;Fals...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must be configured so that all cron jobs are protected from unauthorized modification.

    &lt;VulnDiscussion&gt;If cron files and folders are accessible to unauthorized users, malicious jobs may be created.&lt;/VulnDiscussion&gt;&lt;Fals...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must be configured so that all cron paths are protected from unauthorized modification.

    &lt;VulnDiscussion&gt;If cron files and folders are accessible to unauthorized users, malicious jobs may be created.&lt;/VulnDiscussion&gt;&lt;Fals...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must not forward IPv4 or IPv6 source-routed packets.

    &lt;VulnDiscussion&gt;Source routing is an Internet Protocol mechanism that allows an IP packet to carry information, a list of addresses, that tel...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.

    &lt;VulnDiscussion&gt;Responding to broadcast (ICMP) echoes facilitates network mapping and provides a vector for amplification attacks.&lt;/VulnDi...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules