ANSSI-BP-028 (high)
Rules and Groups employed by this XCCDF Profile
-
Ensure sudo Ignores Commands In Current Dir - sudo ignore_dot
The sudo <code>ignore_dot</code> tag, when specified, will ignore the current directory in the PATH environment variable. This should be enabled by...Rule Medium Severity -
Ensure sudo umask is appropriate - sudo umask
The sudo <code>umask</code> tag, when specified, will be added the to the user's umask in the command environment. The umask should be configured b...Rule Medium Severity -
Ensure a dedicated group owns sudo
Restrict the execution of privilege escalated commands to a dedicated group of users. Ensure the group owner of /usr/bin/sudo is <xccdf-1.2:sub xml...Rule Medium Severity -
Ensure Software Patches Installed
If the system has an apt repository available, run the following command to install updates: <pre>$ apt update && apt full-upgrade</pre> ...Rule Medium Severity -
Install pam_pwquality Package
Thelibpam-pwqualitypackage can be installed with the following command:$ apt-get install libpam-pwquality
Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules