Skip to content

Standard System Security Profile for Anolis OS 23

Rules and Groups employed by this XCCDF Profile

  • Disable Core Dumps for All Users

    To disable core dumps for all users, add the following line to <code>/etc/security/limits.conf</code>, or to a file within the <code>/etc/security/...
    Rule Medium Severity
  • Disable Core Dumps for SUID programs

    To set the runtime status of the <code>fs.suid_dumpable</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w fs.suid_dumpable=...
    Rule Medium Severity
  • Enable ExecShield

    ExecShield describes kernel features that provide protection against exploitation of memory corruption errors such as buffer overflows. These featu...
    Group
  • Enable Randomized Layout of Virtual Address Space

    To set the runtime status of the <code>kernel.randomize_va_space</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.r...
    Rule Medium Severity
  • Services

    The best protection against vulnerable software is running less software. This section describes how to review the software which Anolis OS 23 inst...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules