CCI-000368
Document any deviations from the established configuration settings for organization-defined system components based on organization-defined operational requirements.
4 rules found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must set the umask value to 077 for all local interactive user accounts.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must not allow removable media to be used as the boot loader unless approved.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that the rsyslog daemon does not accept log messages from other servers unless the server is being used for log aggregation.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Generic Security Service Application Program Interface (GSSAPI) authentication unless needed.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Kerberos authentication unless needed.
1 rule found Severity: Medium
The Red Hat Enterprise Linux operating system must not have the Trivial File Transfer Protocol (TFTP) server package installed if not required for operational support.
1 rule found Severity: High
1 rule found Severity: Medium
ACF2 APPLDEF GSO record if used must have supporting documentation indicating the reason it was used.
1 rule found Severity: Low
ACF2 SECVOLS GSO record value must be set to VOLMASK(). Any local changes are justified and documented with the ISSO.
1 rule found Severity: Medium