Skip to content
Log In

II - Mission Support Public

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • The Photon operating system must enable the rsyslog service.

    Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
    Rule Medium Severity
    Show

  • SRG-OS-000077-GPOS-00045

    Group
    Show

  • The Photon operating system must be configured to use the pam_pwhistory.so module.

    Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • The Photon operating system must enable hardlink access control protection in the kernel.

    By enabling the fs.protected_hardlinks kernel parameter, users can no longer create soft or hard links to files they do not own. Disallowing such hardlinks mitigate vulnerabilities based on insecur...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • The Photon operating system must restrict core dumps.

    By enabling the fs.suid_dumpable kernel parameter, core dumps are not generated for setuid or otherwise protected/tainted binaries. This prevents users from potentially accessing core dumps with pr...
    Rule Medium Severity
    Show

  • SRG-OS-000363-GPOS-00150

    Group
    Show

  • The Photon operating system must configure AIDE to detect changes to baseline configurations.

    Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the operating system. Changes to operating system configuratio...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00226

    Group
    Show

  • The Photon operating system must not allow empty passwords.

    Accounts with empty or no passwords allow anyone to log on as that account without specifying a password or other forms of authentication. Allowing accounts with empty passwords puts the system at ...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules