III - Administrative Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000480-GPOS-00229
<GroupDescription></GroupDescription>Group -
The Photon operating system must configure sshd to disallow HostbasedAuthentication.
<VulnDiscussion>Secure Shell (SSH) trust relationships enable trivial lateral spread after a host compromise and therefore must be explicitly...Rule Medium Severity -
SRG-OS-000073-GPOS-00041
<GroupDescription></GroupDescription>Group -
The Photon operating system must store only encrypted representations of passwords.
<VulnDiscussion>Passwords must be protected at all times via strong, one-way encryption. If passwords are not encrypted, they can be plainly ...Rule Medium Severity -
SRG-OS-000077-GPOS-00045
<GroupDescription></GroupDescription>Group -
The Photon operating system must ensure the old passwords are being stored.
<VulnDiscussion>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Photon operating system must configure sshd to restrict AllowTcpForwarding.
<VulnDiscussion>While enabling Transmission Control Protocol (TCP) tunnels is a valuable function of sshd, this feature is not appropriate fo...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Photon operating system must configure sshd to restrict LoginGraceTime.
<VulnDiscussion>By default, sshd unauthenticated connections are left open for two minutes before being closed. This setting is too permissiv...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.