Skip to content
Log In

Australian Cyber Security Centre (ACSC) ISM Official

Rules and Groups employed by this XCCDF Profile

  • Set SSH authentication attempt limit

    The <code>MaxAuthTries</code> parameter specifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures ar...
    Rule Medium Severity
    Show

  • Distribute the SSH Server configuration to multiple files in a config directory.

    Make sure to have the <code>Include /etc/ssh/sshd_config.d/*.conf</code> line in the <code>/etc/ssh/sshd_config</code> file. Ideally, don't have any active configuration directives in that file, an...
    Rule Medium Severity
    Show

  • USBGuard daemon

    The USBGuard daemon enforces the USB device authorization policy for all USB devices.
    Group
    Show

  • Install usbguard Package

    The usbguard package can be installed with the following command: 
    $ sudo dnf install usbguard
    Rule Medium Severity
    Show

  • Enable the USBGuard Service

    The USBGuard service should be enabled. The usbguard service can be enabled with the following command: 
    $ sudo systemctl enable usbguard.service
    Rule Medium Severity
    Show

  • Authorize Human Interface Devices and USB hubs in USBGuard daemon

    To allow authorization of USB devices combining human interface device and hub capabilities by USBGuard daemon, add the line <code>allow with-interface match-all { 03:*:* 09:00:* }</code> to <code>...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules