Skip to content
Log In

Profile for ANSSI DAT-NT28 Average (Intermediate) Level

Rules and Groups employed by this XCCDF Profile

  • Verify Permissions on shadow File

    To properly set the permissions of /etc/shadow, run the command: 
    $ sudo chmod 0640 /etc/shadow
    Rule Medium Severity
    Show

  • Restrict Programs from Dangerous Execution Patterns

    The recommendations in this section are designed to ensure that the system's features to protect against potentially dangerous program execution are activated. These protections are applied at the ...
    Group
    Show

  • Disable Core Dumps

    A core dump file is the memory image of an executable program when it was terminated by the operating system due to errant behavior. In most cases, only software developers legitimately need to acc...
    Group
    Show

  • Disable Core Dumps for SUID programs

    To set the runtime status of the <code>fs.suid_dumpable</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w fs.suid_dumpable=0</pre> To make sure that the setting is persisten...
    Rule Medium Severity
    Show

  • Enable ExecShield

    ExecShield describes kernel features that provide protection against exploitation of memory corruption errors such as buffer overflows. These features include random placement of the stack and othe...
    Group
    Show

  • Enable Randomized Layout of Virtual Address Space

    To set the runtime status of the <code>kernel.randomize_va_space</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.randomize_va_space=2</pre> To make sure that the se...
    Rule Medium Severity
    Show

  • Services

    The best protection against vulnerable software is running less software. This section describes how to review the software which Debian 12 installs on a system and disable software which is not ne...
    Group
    Show

  • APT service configuration

    The apt service manage the package management and update of the whole system. Its configuration need to be properly defined to ensure efficient security updates, packages and repository authenticat...
    Group
    Show

  • Disable unauthenticated repositories in APT configuration

    Unauthenticated repositories should not be used for updates.
    Rule Unknown Severity
    Show

  • Ensure that official distribution repositories are used

    Check that official Debian repositories, including security repository, are configured in apt.
    Rule Unknown Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules