Standard System Security Profile for Fedora

Rules and Groups employed by this XCCDF Profile

Ensure that No Dangerous Directories Exist in Root's Path

The active path of the root account can be obtained by starting a new root shell and running: <pre># echo $PATH</pre> This will produce a colon-sep...

Group

Show

Ensure that Root's Path Does Not Include World or Group-Writable Directories

For each element in root's path, run:

# ls -ld DIR

and ensure that write permissions are disabled for group and other.

Rule Medium Severity

Show

System Accounting with auditd

The audit service provides substantial capabilities for recording system activities. By default, the service audits about SELinux AVC denials and c...

Group

Show

Enable auditd Service

The <code>auditd</code> service is an essential userspace component of the Linux Auditing System, as it is responsible for writing audit records to...

Rule Medium Severity

Show

Enable Auditing for Processes Which Start Prior to the Audit Daemon

To ensure all processes can be audited, even those which start prior to the audit daemon, add the argument <code>audit=1</code> to the default GRUB...

Rule Low Severity

Show

Configure auditd Rules for Comprehensive Auditing

The <code>auditd</code> program can perform comprehensive monitoring of system activity. This section describes recommended configuration settings ...

Group

Show

Make the auditd Configuration Immutable

If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...

Rule Medium Severity

Show

Record Events that Modify the System's Mandatory Access Controls

If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...

Rule Medium Severity

Show

Ensure auditd Collects Information on Exporting to Media (successful)

At a minimum, the audit system should collect media exportation events for all users and root. If the <code>auditd</code> daemon is configured to u...

Rule Medium Severity

Show

Record Events that Modify the System's Network Environment

If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...

Rule Medium Severity

Show

Record Attempts to Alter Process and Session Initiation Information

The audit system already collects process information for all users and root. If the <code>auditd</code> daemon is configured to use the <code>auge...

Rule Medium Severity

Show

Ensure auditd Collects System Administrator Actions

At a minimum, the audit system should collect administrator actions for all users and root. If the <code>auditd</code> daemon is configured to use ...

Rule Medium Severity

Show

Record Events that Modify User/Group Information

If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...

Rule Medium Severity

Show

System Audit Logs Must Be Owned By Root

All audit logs must be owned by root user and group. By default, the path for audit log is <pre>/var/log/audit/</pre>. To properly set the owner o...

Rule Medium Severity

Show

Record Events that Modify the System's Discretionary Access Controls

At a minimum, the audit system should collect file permission changes for all users and root. Note that the "-F arch=b32" lines should be present e...

Group

Show

Record Events that Modify the System's Discretionary Access Controls - chmod