Install the dracut-fips-aesni Package
Install the dracut-fips Package
Enable FIPS Mode in GRUB2
Disable GNOME3 Automounting
Disable GNOME3 Automount Opening
Disable GNOME3 Automount running
Record Events that Modify the System's Mandatory Access Controls
Record Events that Modify the System's Mandatory Access Controls in usr/share
Ensure auditd Collects Information on Exporting to Media (successful)
Record Events that Modify the System's Network Environment
Record Attempts to Alter Process and Session Initiation Information
Ensure auditd Collects System Administrator Actions
Record Events that Modify User/Group Information
Record Events that Modify the System's Discretionary Access Controls - chmod
Record Events that Modify the System's Discretionary Access Controls - chown
Record Events that Modify the System's Discretionary Access Controls - fchmod
Record Events that Modify the System's Discretionary Access Controls - fchmodat
Record Events that Modify the System's Discretionary Access Controls - fchown
Record Events that Modify the System's Discretionary Access Controls - fchownat
Record Events that Modify the System's Discretionary Access Controls - fremovexattr
Record Events that Modify the System's Discretionary Access Controls - fsetxattr
Record Events that Modify the System's Discretionary Access Controls - lchown
Record Events that Modify the System's Discretionary Access Controls - lremovexattr
Record Events that Modify the System's Discretionary Access Controls - lsetxattr
Record Events that Modify the System's Discretionary Access Controls - removexattr
Record Events that Modify the System's Discretionary Access Controls - setxattr
Ensure auditd Collects File Deletion Events by User
Ensure auditd Collects File Deletion Events by User - rename
Ensure auditd Collects File Deletion Events by User - renameat
Ensure auditd Collects File Deletion Events by User - rmdir
Ensure auditd Collects File Deletion Events by User - unlink
Ensure auditd Collects File Deletion Events by User - unlinkat
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)
Record Unsuccessful Access Attempts to Files - creat
Record Unsuccessful Access Attempts to Files - ftruncate
Record Unsuccessful Access Attempts to Files - open
Record Unsuccessful Access Attempts to Files - open_by_handle_at
Record Unsuccessful Access Attempts to Files - openat
Record Unsuccessful Access Attempts to Files - truncate
Ensure auditd Collects Information on Kernel Module Loading and Unloading
Ensure auditd Collects Information on Kernel Module Unloading - delete_module
Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module
Ensure auditd Collects Information on Kernel Module Loading - init_module
Ensure auditd Collects Information on the Use of Privileged Commands
Record attempts to alter time through adjtimex
Record Attempts to Alter Time Through clock_settime
Record attempts to alter time through settimeofday
Record Attempts to Alter Time Through stime
Record Attempts to Alter the localtime File
Enable Auditing for Processes Which Start Prior to the Audit Daemon
Record Events that Modify User/Group Information - /etc/group
Record Events that Modify User/Group Information - /etc/gshadow
Record Events that Modify User/Group Information - /etc/security/opasswd
Record Events that Modify User/Group Information - /etc/passwd
Record Events that Modify User/Group Information - /etc/shadow
Install libreswan Package
Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces
Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default
Deactivate Wireless Network Interfaces
Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT
Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE
Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly
Record Unsuccessful Creation Attempts to Files - open O_CREAT
Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE
Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly
Record Unsuccessful Creation Attempts to Files - openat O_CREAT
Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE
Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly
Record Unsuccessful Delete Attempts to Files - rename
Record Unsuccessful Delete Attempts to Files - renameat
Record Unsuccessful Delete Attempts to Files - unlink
Record Unsuccessful Delete Attempts to Files - unlinkat
Record Attempts to Alter Logon and Logout Events
Record Attempts to Alter Logon and Logout Events - faillock
Record Attempts to Alter Logon and Logout Events - lastlog
Record Attempts to Alter Logon and Logout Events - tallylog
Disable Automatic Bug Reporting Tool (abrtd)
Disable Apache Qpid (qpidd)
Disable Network Router Discovery Daemon (rdisc)
Uninstall the inet-based telnet server
Uninstall the ssl compliant telnet server
Uninstall the telnet server
Allow Only SSH Protocol 2
Ensure System is Not Acting as a Network Sniffer
Configure the Firewalld Ports
Disable Bluetooth Service
Disable Bluetooth Kernel Module
Disable WiFi or Bluetooth in BIOS
Disable Booting from USB Devices in Boot Firmware
Disable Kernel Support for USB via Bootloader Configuration
Disable Modprobe Loading of USB Storage Driver
Add nodev Option to Removable Media Partitions
Add noexec Option to Removable Media Partitions
Add nosuid Option to Removable Media Partitions
Disable KDump Kernel Crash Analyzer (kdump)
Disable Network Console (netconsole)
Disable ntpdate Service (ntpdate)
Disable Portreserve (portreserve)
Disable Red Hat Network Service (rhnsd)
Disable Cyrus SASL Authentication Daemon (saslauthd)
Enable the LDAP Client For Use in Authconfig
Configure LDAP Client to Use TLS For All Transactions
Uninstall rsh-server Package
Uninstall telnet-server Package
Uninstall tftp-server Package
Ensure tftp Daemon Uses Secure Mode
Use Only FIPS 140-2 Validated Ciphers
Use Only FIPS 140-2 Validated MACs
Configure SSSD LDAP Backend to Use TLS For All Transactions
Remove the X Windows Package Group
Disable X Windows Startup By Setting Default Target
Enable Auditing for Processes Which Start Prior to the Audit Daemon
Disable Kernel Support for USB via Bootloader Configuration
Install strongswan Package