Linux Secure Configuration - Policy Scan

gsf
compliance
policy

#1

Description

Although Linux is considered by many to be secure by default, some settings or misconfiguration can weaken a Linux system. To protect your data it is recommended to harden the system. For this purpose, many hardening guides and benchmarks are written (you can find a quick overview here).

Linux comes in different flavours, but some security advices are independent of the distribution. With Greenbone it is possible to check compliance with a policy for Linux hosts (GSF content only).

Scan Configuration

To run a policy scan against a Linux target, import this scan configuration (685.8 KB). If any of the policy test do not match your site policy, you can disable (uncheck) the VT in family “Policy”. Also you can modify the default values of some tests to be more or less restrictive by clicking “Select and edit NVT details” of the VT you want to modify. The default value of a VT is taken to determine the compliance status.

You can suppress reporting for each policy test and instead show summary VTs only by disable “Verbose Policy Controls” in VT “Compliance Tests” (1.3.6.1.4.1.25623.1.0.95888, family: Compliance).

Included VTs

Name Family OID Details
Compliance Tests Compliance 1.3.6.1.4.1.25623.1.0.95888 Check that Launch Compliance Test and Verbose Policy Controls (optional) are set to yes
Policy Controls Summary Compliance 1.3.6.1.4.1.25623.1.0.109006
Policy Controls: Ok Policy 1.3.6.1.4.1.25623.1.0.109804 Summary of all passed tests
Policy Controls: Fail Policy 1.3.6.1.4.1.25623.1.0.109805 Summary of all failed tests
Linux tests (beginning with Linux:) Policy 1.3.6.1.4.1.25623.1.0.109714 - 1.3.6.1.4.1.25623.1.0.109836 VTs performing the actual tests