I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000468-GPOS-00212
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the fremovexattr system call in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000468-GPOS-00212
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "lremovexattr" system call in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000468-GPOS-00212
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "removexattr" system call in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000470-GPOS-00214
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful modifications to the "lastlog" file in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of "semanage" in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "gpasswd" command in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "mount" command in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "mount" syscall in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "su" command in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "umount" command in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "unix_update" in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "usermod" command in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of "unix_chkpwd" in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of "userhelper" in TOSS must generate an audit record.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00216
<GroupDescription></GroupDescription>Group -
Successful/unsuccessful uses of the "kmod" command in TOSS must generate an audit record.
<VulnDiscussion>"Without generating audit records that are specific to the security and mission needs of the organization, it would be diffic...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The auditd service must be running in TOSS.
<VulnDiscussion>Configuring TOSS to implement organization-wide security implementation guides and security checklists ensures compliance wit...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The TOSS audit system must audit local events.
<VulnDiscussion>Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
TOSS must resolve audit information before writing to disk.
<VulnDiscussion>Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it...Rule Low Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
TOSS must have the packages required for offloading audit logs installed.
<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common ...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
TOSS must have the packages required for encrypting offloaded audit logs installed.
<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common ...Rule Medium Severity -
SRG-OS-000032-GPOS-00013
<GroupDescription></GroupDescription>Group -
TOSS must monitor remote access methods.
<VulnDiscussion>Remote access services, such as those providing remote access to network devices and information systems, which lack automate...Rule Medium Severity -
SRG-OS-000033-GPOS-00014
<GroupDescription></GroupDescription>Group -
TOSS must force a frequent session key renegotiation for SSH connections by the client.
<VulnDiscussion>Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected commu...Rule Medium Severity -
SRG-OS-000033-GPOS-00014
<GroupDescription></GroupDescription>Group -
TOSS must force a frequent session key renegotiation for SSH connections to the server.
<VulnDiscussion>Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected commu...Rule Medium Severity -
SRG-OS-000033-GPOS-00014
<GroupDescription></GroupDescription>Group -
TOSS must implement NIST FIPS-validated cryptography for the following: to provision digital signatures; to generate cryptographic hashes; and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
<VulnDiscussion>Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating ...Rule High Severity -
SRG-OS-000069-GPOS-00037
<GroupDescription></GroupDescription>Group -
TOSS must enforce password complexity by requiring that at least one uppercase character be used.
<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.