OSPP - Protection Profile for General Purpose Operating Systems
Rules and Groups employed by this XCCDF Profile
-
Protect Accounts by Restricting Password-Based Login
Conventionally, Unix shell accounts are accessed by providing a username and password to a login program, which tests these values for correctness using the <code>/etc/passwd</code> and <code>/etc/...Group -
Verify Proper Storage and Existence of Password Hashes
By default, password hashes for local accounts are stored in the second field (colon-separated) in <code>/etc/shadow</code>. This file should be readable only by processes running with root credent...Group -
Prevent Login to Accounts With Empty Password
If an account is configured for password authentication but does not have an assigned password, it may be possible to log into the account without authentication. Remove any instances of the <code>...Rule High Severity -
Secure Session Configuration Files for Login Accounts
When a user logs into a Unix account, the system configures the user's session by reading a number of files. Many of these files are located in the user's home directory, and may have weak permissi...Group -
Set Interactive Session Timeout
Setting the <code>TMOUT</code> option in <code>/etc/profile</code> ensures that all user sessions will terminate based on inactivity. The value of TMOUT should be exported and read only. The <code>...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules