Skip to content
ATO Pathways
  Log In

OSPP - Protection Profile for General Purpose Operating Systems

Rules and Groups employed by this XCCDF Profile

  • Mail Server Software

    Mail servers are used to send and receive email over the network. Mail is a very common service, and Mail Transfer Agents (MTAs) are obvious target...
    Group
    Show

  • Uninstall Sendmail Package

    Sendmail is not the default mail transfer agent and is not installed by default. The <code>sendmail</code> package can be removed with the followin...
    Rule Medium Severity
    Show

  • Network Time Protocol

    The Network Time Protocol is used to manage the system clock over a network. Computer clocks are not very accurate, so time will drift unpredictabl...
    Group
    Show

  • Disable chrony daemon from acting as server

    The <code>port</code> option in <code>/etc/chrony.conf</code> can be set to <code>0</code> to make chrony daemon to never open any listening port f...
    Rule Low Severity
    Show

  • Disable network management of chrony daemon

    The <code>cmdport</code> option in <code>/etc/chrony.conf</code> can be set to <code>0</code> to stop chrony daemon from listening on the UDP port ...
    Rule Low Severity
    Show

  • Hardware RNG Entropy Gatherer Daemon

    The rngd feeds random data from hardware device to kernel random device.
    Group
    Show

  • Enable the Hardware RNG Entropy Gatherer Service

    The Hardware RNG Entropy Gatherer service should be enabled. The <code>rngd</code> service can be enabled with the following command: <pre>$ sudo ...
    Rule Low Severity
    Show

  • SSH Server

    The SSH protocol is recommended for remote login and remote file transfer. SSH provides confidentiality and integrity for data exchanged between tw...
    Group
    Show

  • Configure OpenSSH Server if Necessary

    If the system needs to act as an SSH server, then certain changes should be made to the OpenSSH daemon configuration file <code>/etc/ssh/sshd_confi...
    Group
    Show

  • Disable Host-Based Authentication

    SSH's cryptographic host-based authentication is more secure than <code>.rhosts</code> authentication. However, it is not recommended that hosts un...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules