III - Administrative Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000104-GPOS-00051
Group -
The Photon operating system must not have duplicate User IDs (UIDs).
To ensure accountability and prevent unauthenticated access, organizational users must be uniquely identified and authenticated to prevent potential misuse and provide for nonrepudiation.Rule Medium Severity -
SRG-OS-000120-GPOS-00061
Group -
The Photon operating system must use mechanisms meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.
Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DOD data may be ...Rule Medium Severity -
SRG-OS-000138-GPOS-00069
Group -
The Photon operating system must restrict access to the kernel message buffer.
Restricting access to the kernel message buffer limits access only to root. This prevents attackers from gaining additional system information as a nonprivileged user.Rule Medium Severity -
SRG-OS-000142-GPOS-00071
Group -
The Photon operating system must be configured to use TCP syncookies.
A TCP SYN flood attack can cause a Denial of Service (DOS) by filling a system's TCP connection table with connections in the SYN_RCVD state. Syncookies can be used to track a connection when a sub...Rule Medium Severity -
SRG-OS-000163-GPOS-00072
Group -
The Photon operating system must terminate idle Secure Shell (SSH) sessions after 15 minutes.
Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port th...Rule Medium Severity -
SRG-OS-000205-GPOS-00083
Group -
The Photon operating system /var/log directory must be restricted.
Any operating system providing too much information in error messages risks compromising the data and security of the structure, and content of error messages needs to be carefully considered by th...Rule Medium Severity -
SRG-OS-000206-GPOS-00084
Group -
The Photon operating system must reveal error messages only to authorized users.
Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the operating system or pla...Rule Medium Severity -
SRG-OS-000239-GPOS-00089
Group -
The Photon operating system must audit all account modifications.
Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to modify an exis...Rule Medium Severity -
SRG-OS-000241-GPOS-00091
Group -
The Photon operating system must audit all account removal actions.
When operating system accounts are removed, user accessibility is affected. Accounts are utilized for identifying individual users or for identifying the operating system processes themselves. In o...Rule Medium Severity -
SRG-OS-000250-GPOS-00093
Group -
The Photon operating system must implement only approved ciphers to protect the integrity of remote access sessions.
Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Remote access (e.g., RDP) is access to DOD nonpublic information systems by an auth...Rule High Severity -
SRG-OS-000254-GPOS-00095
Group -
The Photon operating system must initiate session audits at system startup.
If auditing is enabled late in the startup process, the actions of some startup processes may not be audited. Some audit systems also maintain state information only available if auditing is enable...Rule Medium Severity -
SRG-OS-000256-GPOS-00097
Group -
The Photon operating system must protect audit tools from unauthorized access.
Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operatio...Rule Medium Severity -
SRG-OS-000266-GPOS-00101
Group -
The Photon operating system must enforce password complexity by requiring that at least one special character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity or strength is a measure of the effectiveness of a password in resisting ...Rule Medium Severity -
SRG-OS-000278-GPOS-00108
Group -
The Photon operating system must use cryptographic mechanisms to protect the integrity of audit tools.
Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit information. Audit information includes all information (e.g., audit recor...Rule High Severity -
SRG-OS-000279-GPOS-00109
Group -
The operating system must automatically terminate a user session after inactivity time-outs have expired.
Automatic session termination addresses the termination of user-initiated logical sessions in contrast to the termination of network connections that are associated with communications sessions (i....Rule Medium Severity -
SRG-OS-000324-GPOS-00125
Group -
The Photon operating system must enable symlink access control protection in the kernel.
By enabling the fs.protected_symlinks kernel parameter, symbolic links are permitted to be followed only when outside a sticky world-writable directory, or when the UID of the link and follower mat...Rule High Severity -
SRG-OS-000327-GPOS-00127
Group -
The Photon operating system must audit the execution of privileged functions.
Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and...Rule Medium Severity -
SRG-OS-000329-GPOS-00128
Group -
The Photon operating system must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes occur.
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the a...Rule Medium Severity -
SRG-OS-000341-GPOS-00132
Group -
The Photon operating system must allocate audit record storage capacity to store audit records when audit records are not immediately sent to a central audit record storage facility.
Audit logs are most useful when accessible by date, rather than size. This can be accomplished through a combination of an audit log rotation and setting a reasonable number of logs to keep. This e...Rule Low Severity -
SRG-OS-000343-GPOS-00134
Group -
The Photon operating system must immediately notify the SA and ISSO when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.
If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion.Rule Low Severity -
SRG-OS-000366-GPOS-00153
Group -
The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation.
Installation of any nontrusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. This requireme...Rule High Severity -
SRG-OS-000373-GPOS-00156
Group -
The Photon operating system must require users to reauthenticate for privilege escalation.
Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, ...Rule Medium Severity -
SRG-OS-000433-GPOS-00193
Group -
The Photon operating system must implement address space layout randomization to protect its memory from unauthorized code execution.
Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory inclu...Rule Medium Severity -
SRG-OS-000437-GPOS-00194
Group -
The Photon operating system must remove all software components after updated versions have been installed.
Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may...Rule Medium Severity -
SRG-OS-000470-GPOS-00214
Group -
The Photon operating system must generate audit records when successful/unsuccessful logon attempts occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.