Standard System Security Profile for Fedora
Rules and Groups employed by this XCCDF Profile
-
Restrict Dynamic Mounting and Unmounting of Filesystems
Linux includes a number of facilities for the automated addition and removal of filesystems on a running system. These facilities may be necessary in many environments, but this capability also ca...Group -
Disable Kernel Support for USB via Bootloader Configuration
All USB support can be disabled by adding the <code>nousb</code> argument to the kernel's boot loader configuration. To do so, append "nousb" to the kernel line in <code>/etc/default/grub</code> as...Rule Unknown Severity -
Services
The best protection against vulnerable software is running less software. This section describes how to review the software which Fedora installs on a system and disable software which is not neede...Group -
Network Time Protocol
The Network Time Protocol is used to manage the system clock over a network. Computer clocks are not very accurate, so time will drift unpredictably on unmanaged systems. Central time protocols can...Group -
Enable the NTP Daemon
Run the following command to determine the current status of the <code>chronyd</code> service: <pre>$ sudo systemctl is-active chronyd</pre> If the service is running, it should return the follo...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules