Capacity
A.9.2.4
29
Rule
Severity: Medium
Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate
29
Rule
Severity: Medium
Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD
29
Rule
Severity: Medium
Ensure Users Re-Authenticate for Privilege Escalation - sudo
20
Rule
Severity: Medium
Modify the System Login Banner
29
Rule
Severity: Low
Ensure PAM Displays Last Logon/Access Notification
17
Rule
Severity: Medium
Limit Password Reuse: password-auth
17
Rule
Severity: Medium
Limit Password Reuse: system-auth
18
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Different Categories
20
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Length
19
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session
20
Rule
Severity: Medium
Set PAM's Password Hashing Algorithm
18
Rule
Severity: Medium
Require Authentication for Emergency Systemd Target
18
Rule
Severity: Medium
Require Authentication for Single User Mode
22
Rule
Severity: Medium
Set Account Expiration Following Inactivity
13
Rule
Severity: Medium
Enable GNOME3 Screensaver Idle Activation
30
Rule
Severity: Medium
Set Password Maximum Age
28
Rule
Severity: Medium
Set Password Minimum Age
10
Rule
Severity: Medium
Ensure Users Cannot Change GNOME3 Screensaver Idle Activation
13
Rule
Severity: Medium
Set GNOME3 Screensaver Inactivity Timeout
12
Rule
Severity: Medium
Set GNOME3 Screensaver Lock Delay After Activation Period
29
Rule
Severity: Medium
Set Password Minimum Length in login.defs
30
Rule
Severity: Medium
Set Password Warning Age
29
Rule
Severity: Medium
Verify All Account Password Hashes are Shadowed
30
Rule
Severity: Low
All GIDs referenced in /etc/passwd must be defined in /etc/group
15
Rule
Severity: Medium
Enable GNOME3 Screensaver Lock After Idle Period
11
Rule
Severity: Medium
Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period
29
Rule
Severity: High
Prevent Login to Accounts With Empty Password
13
Rule
Severity: Medium
Implement Blank Screensaver
11
Rule
Severity: Medium
Ensure Users Cannot Change GNOME3 Screensaver Settings
13
Rule
Severity: Medium
Ensure Users Cannot Change GNOME3 Session Idle Settings
28
Rule
Severity: Medium
Verify No netrc Files Exist
30
Rule
Severity: High
Verify Only Root Has UID 0
29
Rule
Severity: Medium
Direct root Logins Not Allowed
21
Rule
Severity: Medium
Ensure that System Accounts Do Not Run a Shell Upon Login
23
Rule
Severity: Medium
Set Interactive Session Timeout
15
Rule
Severity: Medium
Enable GNOME3 Login Warning Banner
15
Rule
Severity: Medium
Set the GNOME3 Login Warning Banner Text
17
Rule
Severity: Medium
Limit Password Reuse
15
Rule
Severity: Medium
Lock Accounts After Failed Password Attempts
12
Rule
Severity: Medium
Configure the root Account for Failed Password Attempts
14
Rule
Severity: Medium
Set Interval For Counting Failed Password Attempts
29
Rule
Severity: Medium
Ensure auditd Collects System Administrator Actions
15
Rule
Severity: Medium
Set Lockout Time for Failed Password Attempts
29
Rule
Severity: Medium
Record Events that Modify User/Group Information
16
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Digit Characters
13
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Different Characters
16
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters
12
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Maximum Consecutive Repeating Characters from Same Character Class
12
Rule
Severity: Medium
Set Password Maximum Consecutive Repeating Characters
16
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Special Characters
16
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters
14
Rule
Severity: Medium
Set Password Hashing Algorithm in /etc/libuser.conf
16
Rule
Severity: Medium
Set Password Hashing Algorithm in /etc/login.defs
13
Rule
Severity: Medium
Set PAM's Password Hashing Algorithm - password-auth
5
Rule
Severity: Medium
Install the screen Package
14
Rule
Severity: Medium
Configure opensc Smart Card Drivers
5
Rule
Severity: Medium
Configure NSS DB To Use opensc
14
Rule
Severity: Medium
Force opensc To Use Defined Smart Card Driver
5
Rule
Severity: Medium
Enable Smart Card Login
11
Rule
Severity: Medium
Assign Expiration Date to Emergency Accounts
16
Rule
Severity: Medium
Assign Expiration Date to Temporary Accounts
9
Rule
Severity: Medium
Set existing passwords a period of inactivity before they been locked
20
Rule
Severity: High
Set Boot Loader Password in grub2
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/group
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/gshadow
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/security/opasswd
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/passwd
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/shadow
22
Rule
Severity: Medium
Ensure All Files Are Owned by a Group
23
Rule
Severity: Medium
Disable the Automounter
29
Rule
Severity: Medium
Set SSH Client Alive Count Max to zero
29
Rule
Severity: Medium
Set SSH Client Alive Count Max
12
Rule
Severity: High
Set the Boot Loader Admin Username to a Non-Default Value
29
Rule
Severity: Medium
Set SSH Client Alive Interval
29
Rule
Severity: High
Allow Only SSH Protocol 2
30
Rule
Severity: Medium
Disable SSH Root Login
57
Rule
Severity: Medium
Enable SSH Warning Banner
29
Rule
Severity: Medium
Enable SSH Print Last Log
19
Rule
Severity: Medium
Disable Modprobe Loading of USB Storage Driver
10
Rule
Severity: Medium
Mount Remote Filesystems with Kerberos Security
12
Rule
Severity: Medium
Use Kerberos Security on All Exports
12
Rule
Severity: High
Disable rlogin Service
8
Rule
Severity: High
Disable rsh Service
12
Rule
Severity: High
Disable telnet Service
11
Rule
Severity: High
Ensure Default SNMP Password Is Not Used
11
Rule
Severity: Medium
Use Only FIPS 140-2 Validated Ciphers
11
Rule
Severity: Medium
Use Only FIPS 140-2 Validated MACs
7
Rule
Severity: Medium
Install the SSSD Package
8
Rule
Severity: Medium
Enable the SSSD Service
8
Rule
Severity: Medium
Configure PAM in SSSD Services
11
Rule
Severity: Medium
Configure SSSD's Memory Cache to Expire
17
Rule
Severity: Medium
Configure SSSD to Expire Offline Credentials
9
Rule
Severity: Medium
Configure SSSD to Expire SSH Known Hosts
5
Rule
Severity: Medium
Configure Logind to terminate idle sessions after certain time of inactivity
9
Rule
Severity: Medium
Install the tmux Package
2
Rule
Severity: Medium
Configure the root Account lock for Failed Password Attempts via pam_tally2
2
Rule
Severity: Medium
Set Lockout Time for Failed Password Attempts using pam_tally2