II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
SRG-OS-000480-GPOS-00227 (Group)
Rule (Medium Severity): The Photon operating system must be configured to protect the Secure Shell (SSH) private host key from unauthorized access.
If an unauthorized user obtains the private SSH host key file, the host could be impersonated.

SRG-OS-000480-GPOS-00227 (Group)
Rule (Medium Severity): The Photon operating system must enforce password complexity on the root account.
Password complexity rules must apply to all accounts on the system, including root. Without specifying the "enforce_for_root" flag, "pam_cracklib" does not apply complexity rules to the root user. ...

SRG-OS-000480-GPOS-00227 (Group)
Rule (Medium Severity): The Photon operating system must protect all boot configuration files from unauthorized modification.
Boot configuration files control how the system boots, including single-user mode, auditing, log levels, etc. Improper or malicious configurations can negatively affect system security and availabi...

SRG-OS-000480-GPOS-00227 (Group)
Rule (Medium Severity): The Photon operating system must protect sshd configuration from unauthorized access.
The "sshd_config" file contains all the configuration items for sshd. Incorrect or malicious configuration of sshd can allow unauthorized access to the system, insecure communication, limited foren...

SRG-OS-000480-GPOS-00227 (Group)
Rule (Medium Severity): The Photon operating system must protect all "sysctl" configuration files from unauthorized access.
The "sysctl" configuration file specifies values for kernel parameters to be set on boot. Incorrect or malicious configuration of these parameters can have a negative effect on system security.

SRG-OS-000480-GPOS-00228 (Group)
Rule (Medium Severity): The Photon operating system must set the "umask" parameter correctly.
The "umask" value influences the permissions assigned to files when they are created. The "umask" setting in "login.defs" controls the permissions for a new user's home directory. By setting the pr...

SRG-OS-000480-GPOS-00229 (Group)
Rule (Medium Severity): The Photon operating system must configure sshd to disallow HostbasedAuthentication.
Secure Shell (SSH) trust relationships enable trivial lateral spread after a host compromise and therefore must be explicitly disabled.

SRG-OS-000073-GPOS-00041 (Group)
Rule (Medium Severity): The Photon operating system must store only encrypted representations of passwords.
Passwords must be protected at all times via strong, one-way encryption. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. If they are encrypted wi...

SRG-OS-000077-GPOS-00045 (Group)
Rule (Medium Severity): The Photon operating system must ensure the old passwords are being stored.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user...

SRG-OS-000480-GPOS-00227 (Group)
Rule (Medium Severity): The Photon operating system must configure sshd to restrict AllowTcpForwarding.
While enabling Transmission Control Protocol (TCP) tunnels is a valuable function of sshd, this feature is not appropriate for use on single-purpose appliances.

SRG-OS-000480-GPOS-00227 (Group)
Rule (Medium Severity): The Photon operating system must configure sshd to restrict LoginGraceTime.
By default, sshd unauthenticated connections are left open for two minutes before being closed. This setting is too permissive, as no legitimate login would need such an amount of time to complete a...

SRG-OS-000478-GPOS-00223 (Group)
Rule (Medium Severity): The Photon operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, generate cryptographic hashes, and protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards...

SRG-OS-000480-GPOS-00227 (Group)
Rule (Medium Severity): The Photon operating system must disable systemd fallback Domain Name System (DNS).
Systemd contains an ability to set fallback DNS servers. This is used for DNS lookups in the event no system-level DNS servers are configured or other DNS servers are specified in the systemd "reso...