DRAFT - BSI APP.4.4. and SYS.1.6
Rules and Groups employed by this XCCDF Profile
-
System Settings
Contains rules that check correct system settings.Group -
SELinux
SELinux is a feature of the Linux kernel which can be used to guard against misconfigured or compromised programs. SELinux enforces the idea that p...Group -
Ensure SELinux Not Disabled in the kernel arguments
SELinux can be disabled at boot time by disabling it via a kernel argument. Remove any instances of <code>selinux=0</code> from the kernel argument...Rule Medium Severity -
Configure SELinux Policy
The SELinux <code>targeted</code> policy is appropriate for general-purpose desktops and servers, as well as systems in many other roles. To config...Rule Medium Severity -
Ensure SELinux State is Enforcing
The SELinux state should be set to <code><xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_selinux_state" use="legacy"></xccdf-1.2:sub><...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules