Skip to content
ATO Pathways
  Log In

ANSSI-BP-028 (intermediary)

Rules and Groups employed by this XCCDF Profile

  • Restrict Root Logins

    Direct root logins should be allowed only for emergency use. In normal situations, the administrator should access the system via a unique unprivil...
    Group
    Show

  • Direct root Logins Not Allowed

    To further limit access to the <code>root</code> account, administrators can disable root logins at the console by editing the <code>/etc/securetty...
    Rule Medium Severity
    Show

  • Secure Session Configuration Files for Login Accounts

    When a user logs into a Unix account, the system configures the user's session by reading a number of files. Many of these files are located in the...
    Group
    Show

  • System Accounting with auditd

    The audit service provides substantial capabilities for recording system activities. By default, the service audits about SELinux AVC denials and c...
    Group
    Show

  • Ensure the audit Subsystem is Installed

    The audit package should be installed.
    Rule Medium Severity
    Show

  • Enable auditd Service

    The <code>auditd</code> service is an essential userspace component of the Linux Auditing System, as it is responsible for writing audit records to...
    Rule Medium Severity
    Show

  • Configure auditd Rules for Comprehensive Auditing

    The <code>auditd</code> program can perform comprehensive monitoring of system activity. This section describes recommended configuration settings ...
    Group
    Show

  • Record Information on the Use of Privileged Commands

    At a minimum, the audit system should collect the execution of privileged commands for all users and root.
    Group
    Show

  • GRUB2 bootloader configuration

    During the boot process, the boot loader is responsible for starting the execution of the kernel and passing options to it. The boot loader allows ...
    Group
    Show

  • Configure L1 Terminal Fault mitigations

    L1 Terminal Fault (L1TF) is a hardware vulnerability which allows unprivileged speculative access to data which is available in the Level 1 Data Ca...
    Rule High Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules