The ansible-hardening role does not make any adjustments to the single user mode unit file since any untested adjustment could cause a system to have problems booting. Allowing single-user mode access without authentication is a serious security risk.įortunately, every distribution supported by the ansible-hardening role already has authentication requirements for single user mode in place. This mode can only be used at the server’s physical console, serial port, or via out-of-band management (DRAC, iLO, and IPMI).
Single user mode is often used in emergency situations where the server cannot boot properly or an issue must be repaired without a fully booted server. V-77823 - Single user mode must require user authentication # The ansible-hardening role has been updated to disable the DCCP kernel module by default. There have been vulnerabilities in the past that are mitigated by disabling DCCP, so it’s a good idea to disable it unless you have a strong reason for keeping it enabled. V-77821 - Datagram Congestion Control Protocol (DCCP) kernel module must be disabled #ĭCCP is often used as a congestion control mechanism for UDP traffic, but it isn’t used that often in modern networks. I use Yubikey 4’s as smartcards in most situations and they work anywhere you have available USB slots. The STIG recommends smartcards (since the US Government often uses CAC cards for multifactor authentication), and this is a good idea for high security systems. This requirement improves security for graphical logins and extends the existing requirements for multifactor authentication for logins (see V-71965, V-72417, and V-72427). V-77819 - Multifactor authentication is required for graphical logins # Let’s break down this list to understand what each one means. V-77825 - Address space layout randomization (ASLR) must be enabled.V-77823 - Single user mode must require user authentication.
V-77821 - Datagram Congestion Control Protocol (DCCP) kernel module must be disabled.V-77819 - Multifactor authentication is required for graphical logins.This release is Version 1, Release 3, and it contains four main changes: The latest release of the Red Hat Enterprise Linux Security Technical Implementation Guide (STIG) was published last week.
0 kommentar(er)
