System security settings

Description

This is a checklist of security controls for a Fedora Linux system.

Notices

Do not attempt to implement any of the settings in this guide without first testing them in a non-operational environment. The creators of this guidance assume no responsibility whatsoever for its use by other parties, and make no guarantees, expressed or implied, about its quality, reliability, or any other characteristic.

Selected profile

Title: Fedora defaults settings
ID: default

Revision History

Current version: 0.2

  • draft (as of 2014-06-06)

Platforms

  • cpe:/o:fedoraproject:fedora:20
  • cpe:/o:fedoraproject:fedora:21

Checklist

contains 3 rules

OpenSSH (group)

SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.

contains 3 rules

Read-write homedirs (rule)

Allow ssh with chroot env to read and write files in the user home directories. Expected setting: false

Remediation script:
/sbin/setsebool -P ssh_chroot_rw_homedirs false

Host key authentication (rule)

Allow host key based authentication. Expected setting: false

Remediation script:
/sbin/setsebool -P ssh_keysign false

Sysadmin login (rule)

Allow ssh logins as sysadm_r:sysadm_t. Expected setting: false

Remediation script:
/sbin/setsebool -P ssh_sysadm_login false
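
An audit-side counterpart to the three remediation scripts above, added here as an example and not part of the original guide. The helper name audit_ssh_booleans and the sample input are constructed for illustration; the function assumes getsebool's "name --> on|off" output format.

```shell
#!/bin/sh
# Constructed sample of `getsebool` output (not captured from a real host).
SAMPLE_GETSEBOOL='httpd_enable_homedirs --> off
ssh_chroot_rw_homedirs --> off
ssh_keysign --> off
ssh_sysadm_login --> on'

# audit_ssh_booleans (hypothetical helper name): reads "name --> on|off"
# lines on stdin and checks the three booleans this checklist expects to be
# false. Returns 0 only if all three are reported and off.
# The body runs in a subshell, so its variables do not leak to the caller.
audit_ssh_booleans() (
    expected="ssh_chroot_rw_homedirs ssh_keysign ssh_sysadm_login"
    seen=""
    failures=0

    while read -r name arrow state; do
        [ "$arrow" = "-->" ] || continue     # not a getsebool line
        case " $expected " in
            *" $name "*) ;;                   # one of the three rules
            *) continue ;;                    # unrelated boolean
        esac
        seen="$seen $name"
        if [ "$state" = "off" ]; then
            echo "PASS $name is off"
        else
            echo "FAIL $name is $state (expected off)"
            failures=$((failures + 1))
        fi
    done

    # A boolean that never appeared cannot be confirmed, so it also fails.
    for name in $expected; do
        case " $seen " in
            *" $name "*) ;;
            *) echo "MISSING $name was not reported"
               failures=$((failures + 1)) ;;
        esac
    done

    [ "$failures" -eq 0 ]
)

# Demo on the constructed sample; on a real host: getsebool -a | audit_ssh_booleans
printf '%s\n' "$SAMPLE_GETSEBOOL" | audit_ssh_booleans || echo "audit: non-compliant"
```

Treating an unreported boolean as a failure keeps the audit from passing on a host whose policy does not define one of the three names.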

Xorg (group)

X.org X11 is an open source implementation of the X Window System. It provides the basic low-level functionality on which full-fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed.

ABRT (group)

ABRT is a set of tools to help users detect and report problems. Its main purpose is to ease the process of reporting an issue and finding a solution.