Capacity
CIP-004-6 R2.3
Choose one
1
Rule
Severity: Medium
Do Not Use htpasswd-based IdP
1
Rule
Severity: High
Only Use LDAP-based IdPs with TLS
1
Rule
Severity: High
Ensure that Audit Log Errors Emit Alerts
18
Rule
Severity: Medium
Require Authentication for Single User Mode
30
Rule
Severity: Low
All GIDs referenced in /etc/passwd must be defined in /etc/group
28
Rule
Severity: Medium
Verify No netrc Files Exist
30
Rule
Severity: High
Verify Only Root Has UID 0
29
Rule
Severity: Medium
Direct root Logins Not Allowed
29
Rule
Severity: Medium
Restrict Serial Port Root Logins
29
Rule
Severity: Medium
Restrict Virtual Console Root Logins
29
Rule
Severity: Medium
Ensure that User Home Directories are not Group-Writable or World-Readable
20
Rule
Severity: Medium
Ensure the Default Bash Umask is Set Correctly
27
Rule
Severity: Medium
Ensure the Default Umask is Set Correctly in login.defs
27
Rule
Severity: Medium
Ensure the Default Umask is Set Correctly in /etc/profile
29
Rule
Severity: Medium
System Audit Logs Must Have Mode 0750 or Less Permissive
29
Rule
Severity: Medium
System Audit Logs Must Be Owned By Root
15
Rule
Severity: High
Disable Ctrl-Alt-Del Burst Action
17
Rule
Severity: High
Disable Ctrl-Alt-Del Reboot Activation
14
Rule
Severity: Medium
Ensure that System Accounts Are Locked
13
Rule
Severity: Medium
Ensure the Default C Shell Umask is Set Correctly
27
Rule
Severity: Medium
Configure auditd mail_acct Action on Low Disk Space
29
Rule
Severity: Medium
Ensure Log Files Are Owned By Appropriate Group
29
Rule
Severity: Medium
Ensure Log Files Are Owned By Appropriate User
29
Rule
Severity: Medium
Ensure System Log Files Have Correct Permissions
17
Rule
Severity: Medium
System Audit Logs Must Have Mode 0640 or Less Permissive
30
Rule
Severity: Medium
Verify that All World-Writable Directories Have Sticky Bits Set
30
Rule
Severity: Medium
Ensure No World-Writable Files Exist
30
Rule
Severity: Medium
Enable Kernel Parameter to Enforce DAC on Hardlinks
30
Rule
Severity: Medium
Enable Kernel Parameter to Enforce DAC on Symlinks
30
Rule
Severity: Medium
Verify Group Who Owns group File
28
Rule
Severity: Medium
Verify Group Who Owns gshadow File
30
Rule
Severity: Medium
Verify Group Who Owns passwd File
30
Rule
Severity: Medium
Verify Group Who Owns shadow File
30
Rule
Severity: Medium
Verify User Who Owns group File
28
Rule
Severity: Medium
Verify User Who Owns gshadow File
30
Rule
Severity: Medium
Verify User Who Owns passwd File
30
Rule
Severity: Medium
Verify User Who Owns shadow File
30
Rule
Severity: Medium
Verify Permissions on group File
28
Rule
Severity: Medium
Verify Permissions on gshadow File
30
Rule
Severity: Medium
Verify Permissions on passwd File
30
Rule
Severity: Medium
Verify Permissions on shadow File
29
Rule
Severity: Medium
Verify that System Executables Have Root Ownership
29
Rule
Severity: Medium
Verify that Shared Library Files Have Root Ownership
29
Rule
Severity: Medium
Verify that System Executables Have Restrictive Permissions
29
Rule
Severity: Medium
Verify that Shared Library Files Have Restrictive Permissions
27
Rule
Severity: Medium
Add nodev Option to /dev/shm
27
Rule
Severity: Medium
Add nosuid Option to /dev/shm
30
Rule
Severity: Medium
Restrict Exposed Kernel Pointer Addresses Access
30
Rule
Severity: Medium
Enable Randomized Layout of Virtual Address Space
30
Rule
Severity: High
Ensure SELinux State is Enforcing
18
Rule
Severity: Medium
Verify Group Who Owns SSH Server config file
18
Rule
Severity: Medium
Verify Owner on SSH Server config file
20
Rule
Severity: Medium
Verify Permissions on SSH Server config file
29
Rule
Severity: Medium
Verify Permissions on SSH Server Private *_key Key Files
29
Rule
Severity: Medium
Verify Permissions on SSH Server Public *.pub Key Files
30
Rule
Severity: Medium
Disable Host-Based Authentication
30
Rule
Severity: Medium
Disable SSH Root Login
29
Rule
Severity: Medium
Enable Use of Strict Mode Checking
29
Rule
Severity: Unknown
Limit Users' SSH Access
29
Rule
Severity: Medium
Enable Use of Privilege Separation
12
Rule
Severity: Medium
Add nodev Option to /boot
14
Rule
Severity: Medium
Add nosuid Option to /boot
17
Rule
Severity: Medium
Add noexec Option to /dev/shm
16
Rule
Severity: Medium
Add nosuid Option to /home
14
Rule
Severity: Medium
Add nodev Option to Non-Root Local Partitions
17
Rule
Severity: Medium
Add nodev Option to Removable Media Partitions
17
Rule
Severity: Medium
Add noexec Option to Removable Media Partitions
16
Rule
Severity: Medium
Add nosuid Option to Removable Media Partitions
17
Rule
Severity: Medium
Add nodev Option to /tmp
16
Rule
Severity: Medium
Add noexec Option to /tmp
17
Rule
Severity: Medium
Add nosuid Option to /tmp
13
Rule
Severity: Medium
Add nodev Option to /var/log/audit
13
Rule
Severity: Medium
Add noexec Option to /var/log/audit
13
Rule
Severity: Medium
Add nosuid Option to /var/log/audit
13
Rule
Severity: Medium
Add nodev Option to /var/log
15
Rule
Severity: Medium
Add noexec Option to /var/log
15
Rule
Severity: Medium
Add nosuid Option to /var/log
13
Rule
Severity: Medium
Add nodev Option to /var
13
Rule
Severity: Medium
Ensure SELinux Not Disabled in the kernel arguments
16
Rule
Severity: Medium
Ensure SELinux Not Disabled in /etc/default/grub
17
Rule
Severity: Medium
Ensure No Daemons are Unconfined by SELinux
18
Rule
Severity: Medium
Configure SELinux Policy
1
Rule
Severity: Medium
The Kubernetes Audit Logs Directory Must Have Mode 0700
1
Rule
Severity: Medium
The OAuth Audit Logs Directory Must Have Mode 0700
1
Rule
Severity: Medium
The OpenShift Audit Logs Directory Must Have Mode 0700
1
Rule
Severity: Medium
Kubernetes Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
OAuth Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
OpenShift Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
Kubernetes Audit Logs Must Have Mode 0600
1
Rule
Severity: Medium
OAuth Audit Logs Must Have Mode 0600
1
Rule
Severity: Medium
OpenShift Audit Logs Must Have Mode 0600
1
Rule
Severity: Medium
Verify Permissions on the OpenShift PKI Private Key Files
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules
66%