Skip to content

III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000205-GPOS-00083

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system /var/log directory must be restricted.

    &lt;VulnDiscussion&gt;Any operating system providing too much information in error messages risks compromising the data and security of the structu...
    Rule Medium Severity
  • SRG-OS-000206-GPOS-00084

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must reveal error messages only to authorized users.

    &lt;VulnDiscussion&gt;Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an orga...
    Rule Medium Severity
  • SRG-OS-000239-GPOS-00089

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must audit all account modifications.

    &lt;VulnDiscussion&gt;Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing ...
    Rule Medium Severity
  • SRG-OS-000241-GPOS-00091

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must audit all account removal actions.

    &lt;VulnDiscussion&gt;When operating system accounts are removed, user accessibility is affected. Accounts are utilized for identifying individual ...
    Rule Medium Severity
  • SRG-OS-000250-GPOS-00093

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must implement only approved ciphers to protect the integrity of remote access sessions.

    &lt;VulnDiscussion&gt;Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Remote acce...
    Rule High Severity
  • SRG-OS-000254-GPOS-00095

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must initiate session audits at system startup.

    &lt;VulnDiscussion&gt;If auditing is enabled late in the startup process, the actions of some startup processes may not be audited. Some audit syst...
    Rule Medium Severity
  • SRG-OS-000256-GPOS-00097

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must protect audit tools from unauthorized access.

    &lt;VulnDiscussion&gt;Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefo...
    Rule Medium Severity
  • SRG-OS-000266-GPOS-00101

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must enforce password complexity by requiring that at least one special character be used.

    &lt;VulnDiscussion&gt;Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity o...
    Rule Medium Severity
  • SRG-OS-000278-GPOS-00108

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must use cryptographic mechanisms to protect the integrity of audit tools.

    &lt;VulnDiscussion&gt;Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit in...
    Rule High Severity
  • SRG-OS-000279-GPOS-00109

    <GroupDescription></GroupDescription>
    Group
  • The operating system must automatically terminate a user session after inactivity time-outs have expired.

    &lt;VulnDiscussion&gt;Automatic session termination addresses the termination of user-initiated logical sessions in contrast to the termination of ...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules