Subscribe to Help Center RSS FeedSome policies you create provide a list of options for you to specify, enable, or disable. For example, when you create a policy for Linux devices to control when the screen saver locks down an inactive device, you need to configure the timeout in seconds.
Specific policies have nuances that are important to note as you apply them to your fleet. While some policies take effect immediately, others may take 5-10 minutes for the policy update process to run, or require a device logout. We recommend you reference the article for a specific policy if you have concerns.
Below is a list of all Linux policies in 探花大神. Specific instructions for more nuanced policies are linked in the Learn More column. If a Learn More article isn't listed, you can use the basic steps in for help.
Linux Policies
| Policy Name | Description | Category | Learn More |
|---|---|---|---|
| CentOS 7: Additional Process Hardening | Restrict access to core dumps by enabling address space layout randomization (ASLR) and uninstalling prelink packages. | Security, Compliance | 听 |
| Check Disk Encryption | Check a Linux device for Full-Disk or Home-Directory encryption and report the status. | Security, Compliance | Linux Check Disk Encryption Policy |
| Configure IPv4 iptables | This policy ensures that IPv4 iptables rules are in place. | ||
| Configure IPv6 iptables | This policy ensures that IPv6 iptables rules are in place. | ||
| Configure rsyslog | Configure rsyslog so that it is enabled and properly configured on the device. | 听 | 听 |
| Disable Unused Filesystems | Prevent an unauthorized user from introducing data into or extracting data from a device. IT admins should determine if a filesystem type isn鈥檛 necessary, and disable it if it isn鈥檛. Native Linux filesystems are designed to ensure that built-in security controls function as expected. Although non-native filesystems can be used to solve different kinds of problems, they can also lead to unexpected consequences to both the security and functionality of the device. | Security, Compliance | 听 |
| Disable USB Storage | Prevent use of USB mass storage devices, such as flash drives and USB hard drives. | Security, Compliance | Create a Disable USB Storage Policy for Linux |
| Enable Time Synchronization | Ensure that time synchronization between all devices in the environment is enabled and properly configured. Time synchronization is an essential part of security and compliance. For example, time synchronization ensures that system logs have consistent timestamps and also helps to verify the public key's expiration date. | 听 | 听 |
| File Ownership and Permissions | Secure system files for Linux devices. | 听 | 听 |
| Forbidden Services |