Capacity
4.3.3.5.8
20
Rule
Severity: High
Verify and Correct File Permissions with RPM
15
Rule
Severity: High
Verify and Correct Ownership with RPM
27
Rule
Severity: Low
Ensure /var/log Located On Separate Partition
27
Rule
Severity: Low
Ensure /var/log/audit Located On Separate Partition
18
Rule
Severity: Medium
Require Authentication for Emergency Systemd Target
18
Rule
Severity: Medium
Require Authentication for Single User Mode
10
Rule
Severity: Unknown
Disable All GNOME3 Thumbnailers
28
Rule
Severity: Medium
Verify No netrc Files Exist
30
Rule
Severity: Medium
Enable auditd Service
30
Rule
Severity: Medium
Make the auditd Configuration Immutable
30
Rule
Severity: Medium
Record Events that Modify the System's Mandatory Access Controls
30
Rule
Severity: Medium
Record Events that Modify the System's Mandatory Access Controls in usr/share
29
Rule
Severity: Medium
Ensure auditd Collects Information on Exporting to Media (successful)
30
Rule
Severity: Medium
Record Events that Modify the System's Network Environment
30
Rule
Severity: Medium
Record Attempts to Alter Process and Session Initiation Information
29
Rule
Severity: Medium
Ensure auditd Collects System Administrator Actions
29
Rule
Severity: Medium
Record Events that Modify User/Group Information
29
Rule
Severity: Medium
System Audit Logs Must Have Mode 0750 or Less Permissive
40
Rule
Severity: Medium
System Audit Logs Must Be Owned By Root
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - chmod
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - chown
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchmod
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchmodat
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchown
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchownat
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fremovexattr
15
Rule
Severity: Medium
Verify that Interactive Boot is Disabled
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fsetxattr
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lchown
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lremovexattr
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lsetxattr
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - removexattr
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - setxattr
23
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User
29
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - rename
29
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - renameat
29
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - rmdir
29
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - unlink
29
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - unlinkat
23
Rule
Severity: Medium
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)
23
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - creat
23
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - ftruncate
23
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - open
24
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - open_by_handle_at
23
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - openat
23
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - truncate
23
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading and Unloading
22
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Unloading - delete_module
23
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module
22
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading - init_module
29
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands
30
Rule
Severity: Medium
Record attempts to alter time through adjtimex
30
Rule
Severity: Medium
Record Attempts to Alter Time Through clock_settime
30
Rule
Severity: Medium
Record attempts to alter time through settimeofday
29
Rule
Severity: Medium
Record Attempts to Alter Time Through stime
29
Rule
Severity: Medium
Record Attempts to Alter the localtime File
29
Rule
Severity: Medium
Configure auditd to use audispd's syslog plugin
19
Rule
Severity: Low
Enable Auditing for Processes Which Start Prior to the Audit Daemon
59
Rule
Severity: Medium
Configure auditd Disk Error Action on Disk Error
59
Rule
Severity: Medium
Configure auditd Disk Full Action when Disk Space Is Full
27
Rule
Severity: Medium
Configure auditd mail_acct Action on Low Disk Space
30
Rule
Severity: Medium
Configure auditd admin_space_left Action on Low Disk Space
28
Rule
Severity: Medium
Configure auditd Max Log File Size
57
Rule
Severity: Medium
Configure auditd max_log_file_action Upon Reaching Maximum Log Size
30
Rule
Severity: Medium
Configure auditd Number of Logs Retained
30
Rule
Severity: Medium
Configure auditd space_left Action on Low Disk Space
20
Rule
Severity: High
Set Boot Loader Password in grub2
12
Rule
Severity: Medium
Shutdown System When Auditing Failures Occur
20
Rule
Severity: High
Set the UEFI Boot Loader Password
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/group
27
Rule
Severity: Medium
Ensure rsyslog is Installed
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/gshadow
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/security/opasswd
28
Rule
Severity: Medium
Enable rsyslog Service
29
Rule
Severity: Medium
Ensure logrotate is Installed
29
Rule
Severity: Medium
Ensure Logrotate Runs Periodically
29
Rule
Severity: Medium
Ensure syslog-ng is Installed
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/passwd
29
Rule
Severity: Medium
Enable syslog-ng Service
30
Rule
Severity: Unknown
Enable rsyslog to Accept Messages via TCP, if Acting As Log Server
30
Rule
Severity: Unknown
Enable rsyslog to Accept Messages via UDP, if Acting As Log Server
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/shadow
27
Rule
Severity: Medium
Ensure Logs Sent To Remote Host
30
Rule
Severity: Medium
Verify ip6tables Enabled if Using IPv6
17
Rule
Severity: Medium
System Audit Logs Must Have Mode 0640 or Less Permissive
30
Rule
Severity: Medium
Verify iptables Enabled
29
Rule
Severity: Medium
Set Default ip6tables Policy for Incoming Packets
30
Rule
Severity: Medium
Set Default iptables Policy for Incoming Packets
29
Rule
Severity: Medium
Set Default iptables Policy for Forwarded Packets
29
Rule
Severity: Medium
Disable IPv6 Networking Support Automatic Loading
29
Rule
Severity: Medium
Disable IPv6 Addressing on All IPv6 Interfaces
29
Rule
Severity: Medium
Disable IPv6 Addressing on IPv6 Interfaces by Default
18
Rule
Severity: Medium
Configure Accepting Router Advertisements on All IPv6 Interfaces
20
Rule
Severity: Medium
Disable Accepting ICMP Redirects for All IPv6 Interfaces
19
Rule
Severity: Medium
Disable Kernel Parameter for IPv6 Forwarding
19
Rule
Severity: Medium
Disable Accepting Router Advertisements on all IPv6 Interfaces by Default
19
Rule
Severity: Medium
Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces
20
Rule
Severity: Medium
Disable Accepting ICMP Redirects for All IPv4 Interfaces
20
Rule
Severity: Medium
Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces
20
Rule
Severity: Unknown
Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces
22
Rule
Severity: Medium
Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces
17
Rule
Severity: Medium
Record Any Attempts to Run chcon
14
Rule
Severity: Medium
Record Any Attempts to Run restorecon
21
Rule
Severity: Medium
Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces
14
Rule
Severity: Medium
Record Any Attempts to Run semanage
20
Rule
Severity: Medium
Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default
14
Rule
Severity: Medium
Record Any Attempts to Run setsebool
20
Rule
Severity: Unknown
Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default
20
Rule
Severity: Medium
Configure Kernel Parameter for Accepting Secure Redirects By Default
22
Rule
Severity: Medium
Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces
22
Rule
Severity: Unknown
Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces
22
Rule
Severity: Medium
Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces
22
Rule
Severity: Medium
Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default
22
Rule
Severity: Medium
Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces
19
Rule
Severity: Medium
Disable DCCP Support
28
Rule
Severity: Low
Disable RDS Support
22
Rule
Severity: Medium
Disable SCTP Support
29
Rule
Severity: Low
Disable TIPC Support
22
Rule
Severity: Medium
Deactivate Wireless Network Interfaces
22
Rule
Severity: Medium
Ensure All Files Are Owned by a Group
11
Rule
Severity: Medium
Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT
11
Rule
Severity: Medium
Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE
11
Rule
Severity: Medium
Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly
11
Rule
Severity: Medium
Record Unsuccessful Creation Attempts to Files - open O_CREAT
11
Rule
Severity: Medium
Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE
11
Rule
Severity: Medium
Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly
11
Rule
Severity: Medium
Record Unsuccessful Creation Attempts to Files - openat O_CREAT
11
Rule
Severity: Medium
Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE
11
Rule
Severity: Medium
Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly
14
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - rename
27
Rule
Severity: Medium
Add nodev Option to /dev/shm
14
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - renameat
27
Rule
Severity: Medium
Add nosuid Option to /dev/shm
14
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - unlink
14
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - unlinkat
30
Rule
Severity: High
Ensure SELinux State is Enforcing
29
Rule
Severity: Low
Disable Avahi Publishing
18
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events
20
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - faillock
23
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - lastlog
21
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - tallylog
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - chage
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - chsh
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - crontab
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd
20
Rule
Severity: Medium
Disable Avahi Server Software
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newgrp
13
Rule
Severity: Medium
Disable Automatic Bug Reporting Tool (abrtd)
15
Rule
Severity: Low
Disable Apache Qpid (qpidd)
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check
15
Rule
Severity: Medium
Disable Network Router Discovery Daemon (rdisc)
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - passwd
29
Rule
Severity: Medium
Install the cron service
45
Rule
Severity: Medium
Enable cron Service
16
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - postdrop
16
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - postqueue
11
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown
16
Rule
Severity: Medium
Disable At Service (atd)
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - su
18
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - sudo
16
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - umount
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd
14
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - userhelper
29
Rule
Severity: High
Uninstall the inet-based telnet server
29
Rule
Severity: High
Uninstall the ssl compliant telnet server
29
Rule
Severity: High
Uninstall the telnet server
29
Rule
Severity: Unknown
Minimize Served Information
13
Rule
Severity: Medium
Disable DHCP Service
22
Rule
Severity: Low
Uninstall bind Package
13
Rule
Severity: Medium
Disable named Service
12
Rule
Severity: Medium
Disable vsftpd Service
12
Rule
Severity: Unknown
Disable httpd Service
13
Rule
Severity: Medium
Configure auditd admin_space_left on Low Disk Space
14
Rule
Severity: Medium
Configure auditd flush priority
14
Rule
Severity: Unknown
Disable Network File System (nfs)
29
Rule
Severity: High
Install the ntp service
27
Rule
Severity: Medium
Configure auditd space_left on Low Disk Space
27
Rule
Severity: High
Remove Rsh Trust Files
14
Rule
Severity: Unknown
Disable the CUPS Service
12
Rule
Severity: High
Set the Boot Loader Admin Username to a Non-Default Value
30
Rule
Severity: Medium
Disable Host-Based Authentication
13
Rule
Severity: Medium
Set the UEFI Boot Loader Admin Username to a Non-Default Value
30
Rule
Severity: High
Disable SSH Access via Empty Passwords
30
Rule
Severity: Medium
Disable SSH Support for .rhosts Files
30
Rule
Severity: Medium
Disable SSH Root Login
13
Rule
Severity: Medium
Ensure cron Is Logging To Rsyslog
29
Rule
Severity: Unknown
Limit Users' SSH Access
11
Rule
Severity: Medium
Enable logrotate Timer
16
Rule
Severity: Medium
Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server
6
Rule
Severity: Unknown
Disable Zeroconf Networking
14
Rule
Severity: Medium
Ensure System is Not Acting as a Network Sniffer
11
Rule
Severity: Medium
Configure the Firewalld Ports
14
Rule
Severity: Medium
Set Default firewalld Zone for Incoming Packets
9
Rule
Severity: Unknown
Disable Support for RPC IPv6
10
Rule
Severity: Medium
Disable Bluetooth Service
13
Rule
Severity: Medium
Disable Bluetooth Kernel Module
7
Rule
Severity: Unknown
Disable WiFi or Bluetooth in BIOS
18
Rule
Severity: Medium
Ensure All Files Are Owned by a User
18
Rule
Severity: Low
Disable Mounting of cramfs
15
Rule
Severity: Low
Disable Mounting of freevxfs
14
Rule
Severity: Low
Disable Mounting of hfs
14
Rule
Severity: Low
Disable Mounting of hfsplus
15
Rule
Severity: Low
Disable Mounting of jffs2
14
Rule
Severity: Low
Disable Mounting of squashfs
14
Rule
Severity: Low
Disable Mounting of udf
12
Rule
Severity: Low
Disable Mounting of vFAT filesystems
17
Rule
Severity: Medium
Add noexec Option to /dev/shm
16
Rule
Severity: Medium
Add nosuid Option to /home
14
Rule
Severity: Medium
Add nodev Option to Non-Root Local Partitions
17
Rule
Severity: Medium
Add nodev Option to Removable Media Partitions
17
Rule
Severity: Medium
Add noexec Option to Removable Media Partitions
16
Rule
Severity: Medium
Add nosuid Option to Removable Media Partitions
17
Rule
Severity: Medium
Add nodev Option to /tmp
16
Rule
Severity: Medium
Add noexec Option to /tmp
17
Rule
Severity: Medium
Add nosuid Option to /tmp
10
Rule
Severity: Unknown
Bind Mount /var/tmp To /tmp
13
Rule
Severity: Medium
Ensure SELinux Not Disabled in the kernel arguments
16
Rule
Severity: Medium
Ensure SELinux Not Disabled in /etc/default/grub
11
Rule
Severity: Medium
Ensure No Device Files are Unlabeled by SELinux
17
Rule
Severity: Medium
Ensure No Daemons are Unconfined by SELinux
18
Rule
Severity: Medium
Configure SELinux Policy
5
Rule
Severity: Low
Check Avahi Responses' TTL Field
5
Rule
Severity: Low
Serve Avahi Only via Required Protocol
5
Rule
Severity: Medium
Prevent Other Programs from Using Avahi's Port
5
Rule
Severity: Low
Restrict Information Published by Avahi
9
Rule
Severity: Medium
Uninstall avahi-autoipd Server Package
11
Rule
Severity: Medium
Uninstall avahi Server Package
5
Rule
Severity: Low
Install the psacct package
3
Rule
Severity: Low
Enable IRQ Balance (irqbalance)
5
Rule
Severity: Low
Enable Process Accounting (psacct)
5
Rule
Severity: Medium
Disable Advanced Configuration and Power Interface (acpid)
5
Rule
Severity: Low
Disable Certmonger Service (certmonger)
3
Rule
Severity: Low
Disable Control Group Config (cgconfig)
3
Rule
Severity: Low
Disable Control Group Rules Engine (cgred)
5
Rule
Severity: Low
Disable CPU Speed (cpupower)
15
Rule
Severity: Medium
Disable KDump Kernel Crash Analyzer (kdump)
5
Rule
Severity: Low
Disable Software RAID Monitor (mdmonitor)
3
Rule
Severity: Low
Disable D-Bus IPC Service (messagebus)
5
Rule
Severity: Low
Disable Network Console (netconsole)
13
Rule
Severity: Low
Disable ntpdate Service (ntpdate)
13
Rule
Severity: Medium
Disable Odd Job Daemon (oddjobd)
5
Rule
Severity: Low
Disable Portreserve (portreserve)
5
Rule
Severity: Low
Disable Quota Netlink (quota_nld)
7
Rule
Severity: Low
Disable Red Hat Network Service (rhnsd)
5
Rule
Severity: Low
Disable Red Hat Subscription Manager Daemon (rhsmcertd)
5
Rule
Severity: Low
Disable Cyrus SASL Authentication Daemon (saslauthd)
3
Rule
Severity: Low
Disable SMART Disk Monitoring Service (smartd)
5
Rule
Severity: Low
Disable System Statistics Reset Service (sysstat)
6
Rule
Severity: Unknown
Disable anacron Service
5
Rule
Severity: Unknown
Configure Logging
5
Rule
Severity: Unknown
Deny BOOTP Queries
5
Rule
Severity: Unknown
Deny Decline Messages
5
Rule
Severity: Unknown
Do Not Use Dynamic DNS
5
Rule
Severity: Unknown
Disable DHCP Client in ifcfg
15
Rule
Severity: Medium
Uninstall DHCP Server Package
5
Rule
Severity: Medium
Authenticate Zone Transfers
16
Rule
Severity: High
Uninstall vsftpd Package
6
Rule
Severity: Medium
Restrict Access to Anonymous Users if Possible
6
Rule
Severity: Low
Install vsftpd Package
13
Rule
Severity: Unknown
Uninstall httpd Package
5
Rule
Severity: Medium
Set Permissions on the /var/log/httpd/ Directory
7
Rule
Severity: Unknown
Set Permissions on All Configuration Files Inside /etc/httpd/conf.d/
7
Rule
Severity: Unknown
Set Permissions on All Configuration Files Inside /etc/httpd/conf/
7
Rule
Severity: Unknown
Set Permissions on All Configuration Files Inside /etc/httpd/conf.modules.d/
5
Rule
Severity: Unknown
Set httpd ServerSignature Directive to Off
5
Rule
Severity: Unknown
Set httpd ServerTokens Directive to Prod
8
Rule
Severity: Medium
Enable the LDAP Client For Use in Authconfig
8
Rule
Severity: Medium
Configure LDAP Client to Use TLS For All Transactions
5
Rule
Severity: Medium
Configure Certificate Directives for LDAP Use of TLS
14
Rule
Severity: Low
Uninstall openldap-servers Package
14
Rule
Severity: Medium
Uninstall Sendmail Package
16
Rule
Severity: Medium
Disable Postfix Network Listening
5
Rule
Severity: Low
Configure SMTP Greeting Banner
11
Rule
Severity: Medium
Mount Remote Filesystems with nodev
6
Rule
Severity: Unknown
Restrict NFS Clients to Privileged Ports
30
Rule
Severity: Medium
Enable the NTP Daemon
16
Rule
Severity: High
Enable the NTP Daemon
17
Rule
Severity: Medium
Configure Time Service Maxpoll Interval
12
Rule
Severity: Medium
Specify Additional Remote NTP Servers
27
Rule
Severity: Medium
Specify a Remote NTP Server
14
Rule
Severity: Unknown
Specify Additional Remote NTP Servers
17
Rule
Severity: Low
Uninstall xinetd Package
13
Rule
Severity: Medium
Disable xinetd Service
14
Rule
Severity: High
Uninstall ypserv Package
8
Rule
Severity: Medium
Disable ypbind Service
16
Rule
Severity: High
Uninstall rsh-server Package
9
Rule
Severity: High
Disable rexec Service
12
Rule
Severity: High
Disable rlogin Service
8
Rule
Severity: High
Disable rsh Service
15
Rule
Severity: High
Uninstall telnet-server Package
12
Rule
Severity: High
Disable telnet Service
15
Rule
Severity: High
Uninstall tftp-server Package
6
Rule
Severity: High
Disable tftp Service
11
Rule
Severity: Medium
Ensure tftp Daemon Uses Secure Mode
12
Rule
Severity: Unknown
Uninstall CUPS Package
5
Rule
Severity: Unknown
Disable Printer Browsing Entirely if Possible
5
Rule
Severity: Unknown
Disable Print Server Capabilities
11
Rule
Severity: Medium
Use Only FIPS 140-2 Validated Ciphers
7
Rule
Severity: High
Configure SSSD LDAP Backend to Use TLS For All Transactions
6
Rule
Severity: Medium
System Audit Directories Must Be Group Owned By Root
6
Rule
Severity: Medium
System Audit Directories Must Be Owned By Root
11
Rule
Severity: Medium
System Audit Logs Must Be Group Owned By Root
10
Rule
Severity: Unknown
Uninstall nginx Package
1
Rule
Severity: Medium
The Kubernetes Audit Logs Directory Must Have Mode 0700
1
Rule
Severity: Medium
The OAuth Audit Logs Directory Must Have Mode 0700
1
Rule
Severity: Medium
The OpenShift Audit Logs Directory Must Have Mode 0700
1
Rule
Severity: Medium
Kubernetes Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
OAuth Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
OpenShift Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
Kubernetes Audit Logs Must Have Mode 0600
1
Rule
Severity: Medium
OAuth Audit Logs Must Have Mode 0600
1
Rule
Severity: Medium
OpenShift Audit Logs Must Have Mode 0600
1
Rule
Severity: Medium
Enable Auditing for Processes Which Start Prior to the Audit Daemon
1
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - unix2_chkpwd
6
Rule
Severity: High
Enable systemd_timesyncd Service
2
Rule
Severity: Medium
Uninstall DHCP Client Package
2
Rule
Severity: Low
Uninstall tcpd Package
2
Rule
Severity: High
Install the systemd_timesyncd Service
8
Rule
Severity: Low
Uninstall 389-ds-base Package
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules