Skip to content
Log In

ANSSI-BP-028 (intermediary)

Rules and Groups employed by this XCCDF Profile

  • Verify Permissions on SSH Server Public *.pub Key Files

    To properly set the permissions of /etc/ssh/*.pub, run the command: 
    $ sudo chmod 0644 /etc/ssh/*.pub
    Rule Medium Severity
    Show

  • Configure OpenSSH Server if Necessary

    If the system needs to act as an SSH server, then certain changes should be made to the OpenSSH daemon configuration file <code>/etc/ssh/sshd_config</code>. The following recommendations can be app...
    Group
    Show

  • Disable SSH Root Login

    The root user should never be allowed to login to a system directly over a network. To disable root login via SSH, add or correct the following line in <code>/etc/ssh/sshd_config.d/00-compliancea...
    Rule Medium Severity
    Show

  • System Security Services Daemon

    The System Security Services Daemon (SSSD) is a system daemon that provides access to different identity and authentication providers such as Red Hat's IdM, Microsoft's AD, openLDAP, MIT Kerberos, ...
    Group
    Show

  • System Security Services Daemon (SSSD) - LDAP

    The System Security Services Daemon (SSSD) is a system daemon that provides access to different identity and authentication providers such as Red Hat's IdM, Microsoft's AD, openLDAP, MIT Kerberos, ...
    Group
    Show

  • Ensure tmp.mount Unit Us Enabled

    The <code>/tmp</code> directory is a world-writable directory used for temporary file storage. This directory is managed by <code>systemd-tmpfiles</code>. Ensure that the <code>tmp.mount</code> sys...
    Rule Low Severity
    Show

  • Verify Group Who Owns /etc/sudoers.d Directory

    To properly set the group owner of /etc/sudoers.d, run the command: 
    $ sudo chgrp root /etc/sudoers.d
    Rule Medium Severity
    Show

  • Verify User Who Owns /etc/sudoers.d Directory

    To properly set the owner of /etc/sudoers.d, run the command: 
    $ sudo chown root /etc/sudoers.d
    Rule Medium Severity
    Show

  • Verify Permissions On /etc/sudoers.d Directory

    To properly set the permissions of /etc/sudoers.d, run the command: 
    $ sudo chmod 0750 /etc/sudoers.d
    Rule Medium Severity
    Show

  • Verify Group Who Owns /etc/sudoers File

    To properly set the group owner of /etc/sudoers, run the command: 
    $ sudo chgrp root /etc/sudoers
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules