Oracle® Linux 7
Security Guide
Copyright © 2014, 2022, Oracle and/or its affiliates.
E54670-45
May 2022
Abstract
Oracle® Linux 7: Security Guide provides security guidelines for the Oracle Linux 7 operating system.
Document generated on: 2022-05-10 (revision: 13140)
Table of Contents
- Preface
- 1 About System Security
- 2 Security Guidelines
- 2.1 Minimizing the Software Footprint
- 2.2 Configuring System Logging
- 2.3 Disabling Core Dumps
- 2.4 Minimizing Active Services
- 2.5 Locking Down Network Services
- 2.6 Configuring a Packet-Filtering Firewall
- 2.7 Configuring TCP Wrappers
- 2.8 Configuring Kernel Parameters
- 2.9 Restricting Access to SSH Connections
- 2.10 Configuring File System Mounts, File Permissions, and File Ownership
- 2.11 Checking User Accounts and Privileges
- 3 Secure Installation and Configuration
- 4 Implementing Oracle Linux Security
- 4.1 Configuring Access to Network Services
- 4.2 Configuring Packet-filtering Firewalls
- 4.3 Configuring OpenSSH
- 4.4 Configuring TCP Wrappers
- 4.5 Using chroot Jails to Protect the Root (/) Directory
- 4.6 Configuring and Using Software Management
- 4.7 Configuring and Using Data Encryption
- 4.8 Configuring and Using Certificate Management
- 4.9 Configuring and Using Authentication
- 4.10 Configuring and Using Pluggable Authentication Modules
- 4.11 Configuring and Using Access Control Lists
- 4.12 Configuring and Using SELinux
- 4.13 Configuring and Using Auditing
- 4.14 Configuring and Using System Logging
- 4.15 Configuring and Using Process Accounting
- 4.16 Configuring and Using Linux Containers
- 4.17 Configuring and Using Kernel Security Mechanisms
- 5 Using OpenSCAP to Scan for Vulnerabilities
- 5.1 About SCAP
- 5.2 Installing the SCAP Packages
- 5.3 About the oscap Command
- 5.4 Displaying the Available SCAP Information
- 5.5 Displaying Information About a SCAP File
- 5.6 Displaying Available Profiles
- 5.7 Validating OVAL and XCCDF Files
- 5.8 Running a Scan Against a Profile
- 5.9 Generating a Full Security Guide
- 5.10 Running an OVAL Auditing Scan
- 5.11 Scanning Containers, Container Images and Offline File Systems
- 6 FIPS 140-2 Compliance in Oracle Linux 7
- 6.1 FIPS Validated Cryptographic Modules for Oracle Linux 7.8
- 6.2 FIPS Validated Cryptographic Modules for Oracle Linux 7.5 and Oracle Linux 7.6
- 6.3 FIPS Validated Cryptographic Modules for Oracle Linux 7.3
- 6.4 More Information About Modules That Have Received FIPS 140-2 Validation
- 6.5 Enabling FIPS Mode on Oracle Linux
- 6.6 Installing FIPS Validated Cryptographic Modules for Oracle Linux
- 6.7 Enabling FIPS Mode for Oracle Linux 7 Containers
- 7 Oracle Linux 7 Common Criteria Certification