Skip to content
Log In

Sample Security Profile for OpenEmbedded Distros

Rules and Groups employed by this XCCDF Profile

  • Ensure rsyncd service is disabled

    The rsyncd service can be disabled with the following command: 
    $ sudo systemctl mask --now rsyncd.service
    Rule Medium Severity
    Show

  • NIS

    The Network Information Service (NIS), also known as 'Yellow Pages' (YP), and its successor NIS+ have been made obsolete by Kerberos, LDAP, and other modern centralized authentication services. NIS...
    Group
    Show

  • Disable ypserv Service

    The <code>ypserv</code> service, which allows the system to act as a client in a NIS or NIS+ domain, should be disabled. The <code>ypserv</code> service can be disabled with the following command:...
    Rule Medium Severity
    Show

  • Rlogin, Rsh, and Rexec

    The Berkeley r-commands are legacy services which allow cleartext remote access and have an insecure trust model.
    Group
    Show

  • Remove Rsh Trust Files

    The files <code>/etc/hosts.equiv</code> and <code>~/.rhosts</code> (in each user's home directory) list remote hosts and users that are trusted by the local system when using the rshd daemon. To re...
    Rule High Severity
    Show

  • Print Support

    The Common Unix Printing System (CUPS) service provides both local and network printing support. A system running the CUPS service can accept print jobs from other systems, process them, and send t...
    Group
    Show

  • Disable the CUPS Service

    The cups service can be disabled with the following command: 
    $ sudo systemctl mask --now cups.service
    Rule Unknown Severity
    Show

  • Proxy Server

    A proxy server is a very desirable target for a potential adversary because much (or all) sensitive data for a given infrastructure may flow through it. Therefore, if one is required, the system ac...
    Group
    Show

  • Disable Squid if Possible

    If Squid was installed and activated, but the system does not need to act as a proxy server, then it should be disabled and removed.
    Group
    Show

  • Disable Squid

    The squid service can be disabled with the following command: 
    $ sudo systemctl mask --now squid.service
    Rule Unknown Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules