Skip to content
ATO Pathways
  Log In

OSPP - Protection Profile for General Purpose Operating Systems

Rules and Groups employed by this XCCDF Profile

  • Strengthen the Default Ruleset

    The default rules can be strengthened. The system scripts that activate the firewall rules expect them to be defined in configuration files under t...
    Group
    Show

  • Set Default firewalld Zone for Incoming Packets

    To set the default zone to <code>drop</code> for the built-in default zone which processes incoming IPv4 and IPv6 packets, modify the following lin...
    Rule Medium Severity
    Show

  • Uncommon Network Protocols

    The system includes support for several network protocols which are not commonly used. Although security vulnerabilities in kernel networking code ...
    Group
    Show

  • Disable ATM Support

    The Asynchronous Transfer Mode (ATM) is a protocol operating on network, data link, and physical layers, based on virtual circuits and virtual path...
    Rule Medium Severity
    Show

  • Disable CAN Support

    The Controller Area Network (CAN) is a serial communications protocol which was initially developed for automotive and is now also used in marine, ...
    Rule Medium Severity
    Show

  • Disable IEEE 1394 (FireWire) Support

    The IEEE 1394 (FireWire) is a serial bus standard for high-speed real-time communication. To configure the system to prevent the <code>firewire-co...
    Rule Low Severity
    Show

  • Disable TIPC Support

    The Transparent Inter-Process Communication (TIPC) protocol is designed to provide communications between nodes in a cluster. To configure the sys...
    Rule Low Severity
    Show

  • File Permissions and Masks

    Traditional Unix security relies heavily on file and directory permissions to prevent unauthorized users from reading or modifying files to which t...
    Group
    Show

  • Restrict Partition Mount Options

    System partitions can be mounted with certain options that limit what files on those partitions can do. These options are set in the <code>/etc/fst...
    Group
    Show

  • Add nodev Option to /dev/shm

    The <code>nodev</code> mount option can be used to prevent creation of device files in <code>/dev/shm</code>. Legitimate character and block device...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules