III - Administrative Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
SLEM 5 must not allow interfaces to accept Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages by default.
<VulnDiscussion>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. Thes...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
SLEM 5 must not be performing Internet Protocol version 6 (IPv6) packet forwarding unless the system is a router.
<VulnDiscussion>Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this s...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
SLEM 5 must not be performing Internet Protocol version 6 (IPv6) packet forwarding by default unless the system is a router.
<VulnDiscussion>Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this s...Rule Medium Severity -
SRG-OS-000423-GPOS-00187
<GroupDescription></GroupDescription>Group -
SLEM 5 must have SSH installed to protect the confidentiality and integrity of transmitted information.
<VulnDiscussion>Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected commu...Rule High Severity -
SRG-OS-000423-GPOS-00187
<GroupDescription></GroupDescription>Group -
SLEM 5 must use SSH to protect the confidentiality and integrity of transmitted information.
<VulnDiscussion>Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected commu...Rule High Severity -
SRG-OS-000023-GPOS-00006
<GroupDescription></GroupDescription>Group -
SLEM 5 must display the Standard Mandatory DOD Notice and Consent Banner before granting access via SSH.
<VulnDiscussion>Display of a standardized and approved use notification before granting access to SLEM 5 ensures privacy and security notific...Rule Medium Severity -
SRG-OS-000480-GPOS-00229
<GroupDescription></GroupDescription>Group -
SLEM 5 must not allow unattended or automatic logon via SSH.
<VulnDiscussion>Failure to restrict system access via SSH to authenticated users negatively impacts SLEM 5 security.</VulnDiscussion>&l...Rule High Severity -
SRG-OS-000163-GPOS-00072
<GroupDescription></GroupDescription>Group -
SLEM 5 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.
<VulnDiscussion>Terminating an unresponsive SSH session within a short time period reduces the window of opportunity for unauthorized personn...Rule Medium Severity -
SRG-OS-000126-GPOS-00066
<GroupDescription></GroupDescription>Group -
SLEM 5 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
<VulnDiscussion>Terminating an unresponsive SSH session within a short time period reduces the window of opportunity for unauthorized personn...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
SLEM 5 SSH daemon must disable forwarded remote X connections for interactive users, unless to fulfill documented and validated mission requirements.
<VulnDiscussion>The security risk of using X11 forwarding is that the client's X11 display server may be exposed to attack when the SSH clien...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.