Skip to content
ATO Pathways
  Log In

PCI-DSS v3.2.1 Control Baseline for Fedora

Rules and Groups employed by this XCCDF Profile

  • Ensure gpgcheck Enabled In Main dnf Configuration

    The <code>gpgcheck</code> option controls whether RPM packages' signatures are always checked prior to installation. To configure dnf to check pack...
    Rule High Severity
    Show

  • Ensure gpgcheck Enabled for All dnf Package Repositories

    To ensure signature checking is not disabled for any repos, remove any lines from files in <code>/etc/yum.repos.d</code> of the form: <pre>gpgcheck...
    Rule High Severity
    Show

  • Ensure Software Patches Installed



    NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy dictates.
    Rule Medium Severity
    Show

  • Account and Access Control

    In traditional Unix security, if an attacker gains shell access to a certain login account, they can perform any action or access any file to which...
    Group
    Show

  • Protect Accounts by Configuring PAM

    PAM, or Pluggable Authentication Modules, is a system which implements modular authentication for Linux programs. PAM provides a flexible and confi...
    Group
    Show

  • Ensure PAM Displays Last Logon/Access Notification

    To configure the system to notify users of last logon/access using <code>pam_lastlog</code>, add or correct the <code>pam_lastlog</code> settings i...
    Rule Low Severity
    Show

  • Set Lockouts for Failed Password Attempts

    The <code>pam_faillock</code> PAM module provides the capability to lock out user accounts after a number of failed login attempts. Its documentati...
    Group
    Show

  • Limit Password Reuse

    Do not allow users to reuse recent passwords. This can be accomplished by using the <code>remember</code> option for the <code>pam_unix</code> or <...
    Rule Medium Severity
    Show

  • Lock Accounts After Failed Password Attempts

    This rule configures the system to lock out accounts after a number of incorrect login attempts using <code>pam_faillock.so</code>. pam_faillock.so...
    Rule Medium Severity
    Show

  • Set Lockout Time for Failed Password Attempts

    This rule configures the system to lock out accounts during a specified time period after a number of incorrect login attempts using <code>pam_fail...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules