Skip to content
Log In

II - Mission Support Public

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000324-GPOS-00125

    Group
    Show

  • The Photon operating system must enable symlink access control protection in the kernel.

    By enabling the fs.protected_symlinks kernel parameter, symbolic links are permitted to be followed only when outside a sticky world-writable directory, or when the UID of the link and follower mat...
    Rule High Severity
    Show

  • SRG-OS-000327-GPOS-00127

    Group
    Show

  • The Photon operating system must audit the execution of privileged functions.

    Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and...
    Rule Medium Severity
    Show

  • SRG-OS-000329-GPOS-00128

    Group
    Show

  • The Photon operating system must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes occur.

    By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the a...
    Rule Medium Severity
    Show

  • SRG-OS-000341-GPOS-00132

    Group
    Show

  • The Photon operating system must allocate audit record storage capacity to store audit records when audit records are not immediately sent to a central audit record storage facility.

    Audit logs are most useful when accessible by date, rather than size. This can be accomplished through a combination of an audit log rotation and setting a reasonable number of logs to keep. This e...
    Rule Low Severity
    Show

  • SRG-OS-000343-GPOS-00134

    Group
    Show

  • The Photon operating system must immediately notify the SA and ISSO when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.

    If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion.
    Rule Low Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules