Table of Contents

• Title and Copyright Information
• Preface
  • Documentation License
  • Conventions
  • Documentation Accessibility
  • Access to Oracle Support for Accessibility
  • Diversity and Inclusion
• 1 Overview of Security Principles
  • Minimize and Secure the Software Footprint
  • Keep Software Up-to-date
  • Restrict Network Access to Critical Services
  • Control Authentication Mechanisms and Enforce Password Restrictions
  • Follow the Principle of Least Privilege
  • Monitor System Activity
  • Keep Up-to-date With the Latest Security Information
• 2 Planning for a Secure Oracle Linux Environment
  • Recommended Deployment Configurations
  • Component Security
• 3 Managing System Security
  • Understanding the Importance of Updates
    • Installing and Updating Errata RPM Packages
    • Understanding RPM Errata Packages and Cumulative Updates
    • About Security Errata and CVEs
    • About Bug and Enhancement Errata
    • Obtaining Errata and CVE Notices
    • About Premier Backports
  • About Certificate Management
  • About Data Encryption
  • About the Packet Filtering Firewall
  • About SELinux
• 4 Implementing Extra Security Features and Best Practices
  • Working with Core Dumps
  • Working with the Automatic Bug Reporting Tool
  • Configuring and Using Kernel Security Mechanisms
    • Address Space Layout Randomization
    • Data Execution Prevention or No eXecute
    • Position Independent Executables
  • Restricting Access to Kernel Ring Buffer Messages
  • Configuring System Cryptograpic Policies
    • About Predefined Policies
    • Reviewing the Current System-Wide Policy
    • Setting the System-Wide Policy
    • Extending a Policy By Using Modules
    • Creating a New System-Wide Cryptographic Policy
  • Checking User Accounts and Privileges
  • Configuring User Authentication and Password Policies
  • Configuring File System Mounts, File Permissions, and File Ownerships
  • Restricting Access to SSH Connections
  • Using System Auditing and Monitoring
  • Using Advanced Intrusion Detection Environment
  • Implementing System Process Accounting
  • Protecting the Root Directory by Using chroot Jails
    • Running DNS and FTP Services in a Chroot Jail
    • Creating a Chroot Jail
    • Using a Chroot Jail
• 5 FIPS 140-2 Compliance in Oracle Linux 8
  • Configuring FIPS Mode in Oracle Linux 8
    • Installing Oracle Linux 8 in FIPS Mode
    • Enabling and Disabling FIPS Mode for Existing Oracle Linux 8 Installations
  • FIPS 140-2 Validated Modules in Oracle Linux 8
    • Information About Modules That Have Received FIPS 140-2 Validation
    • Installing FIPS Validated Cryptographic Modules for Oracle Linux 8
    • Yum Repositories and ULN Channels for FIPS Validated Cryptographic Modules
• 6 Oracle Linux 8 Common Criteria Certification
• 7 Security Considerations for Developers
  • Design Principles for Secure Coding
  • General Guidelines for Secure Coding
  • General Guidelines for Network Programs