Skip to content

ANSSI-BP-028 (high)

Rules and Groups employed by this XCCDF Profile

  • System Security Services Daemon (SSSD) - LDAP

    The System Security Services Daemon (SSSD) is a system daemon that provides access to different identity and authentication providers such as Red H...
    Group
  • Configure SSSD LDAP Backend Client to Demand a Valid Certificate from the Server

    Configure SSSD to demand a valid certificate from the server to protect the integrity of LDAP remote access sessions by setting the <pre>ldap_tls_r...
    Rule Medium Severity
  • Configure SSSD LDAP Backend to Use TLS For All Transactions

    The LDAP client should be configured to implement TLS for the integrity of all remote LDAP authentication sessions. If the <code>id_provider</code>...
    Rule High Severity
  • System Accounting with auditd

    The audit service provides substantial capabilities for recording system activities. By default, the service audits about SELinux AVC denials and c...
    Group
  • Ensure the audit Subsystem is Installed

    The audit package should be installed.
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules