Skip to content
ATO Pathways
  Log In

Standard System Security Profile for Alibaba Cloud Linux 3

Rules and Groups employed by this XCCDF Profile

  • Configure Kerberos to use System Crypto Policy

    Crypto Policies provide a centralized control over crypto algorithms usage of many packages. Kerberos is supported by crypto policy, but it's confi...
    Rule High Severity
    Show

  • Configure Libreswan to use System Crypto Policy

    Crypto Policies provide a centralized control over crypto algorithms usage of many packages. Libreswan is supported by system crypto policy, but th...
    Rule High Severity
    Show

  • Configure OpenSSL library to use System Crypto Policy

    Crypto Policies provide a centralized control over crypto algorithms usage of many packages. OpenSSL is supported by crypto policy, but the OpenSSL...
    Rule Medium Severity
    Show

  • Configure SSH to use System Crypto Policy

    Crypto Policies provide a centralized control over crypto algorithms usage of many packages. SSH is supported by crypto policy, but the SSH configu...
    Rule Medium Severity
    Show

  • Updating Software

    The <code>yum</code> command line tool is used to install and update software packages. The system also provides a graphical software update tool i...
    Group
    Show

  • Ensure gpgcheck Enabled In Main yum Configuration

    The <code>gpgcheck</code> option controls whether RPM packages' signatures are always checked prior to installation. To configure yum to check pack...
    Rule High Severity
    Show

  • Ensure Red Hat GPG Key Installed

    To ensure the system can cryptographically verify base software packages come from Red Hat (and to connect to the Red Hat Network to receive them),...
    Rule High Severity
    Show

  • Ensure Software Patches Installed



    NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy dictates.
    Rule Medium Severity
    Show

  • System Accounting with auditd

    The audit service provides substantial capabilities for recording system activities. By default, the service audits about SELinux AVC denials and c...
    Group
    Show

  • Configure auditd Rules for Comprehensive Auditing

    The <code>auditd</code> program can perform comprehensive monitoring of system activity. This section describes recommended configuration settings ...
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules