Capacity
AC-6(1)
11
Rule
Severity: High
Disable the GNOME3 Login Restart and Shutdown Buttons
11
Rule
Severity: High
Disable GDM Automatic Login
13
Rule
Severity: High
Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3
29
Rule
Severity: Medium
Ensure that User Home Directories are not Group-Writable or World-Readable
20
Rule
Severity: Medium
Ensure the Default Bash Umask is Set Correctly
27
Rule
Severity: Medium
Ensure the Default Umask is Set Correctly in login.defs
27
Rule
Severity: Medium
Ensure the Default Umask is Set Correctly in /etc/profile
29
Rule
Severity: Medium
System Audit Logs Must Have Mode 0750 or Less Permissive
40
Rule
Severity: Medium
System Audit Logs Must Be Owned By Root
14
Rule
Severity: High
Disable Ctrl-Alt-Del Burst Action
17
Rule
Severity: High
Disable Ctrl-Alt-Del Reboot Activation
13
Rule
Severity: Medium
Ensure the Default C Shell Umask is Set Correctly
19
Rule
Severity: Medium
Verify /boot/grub2/grub.cfg Group Ownership
19
Rule
Severity: Medium
Verify /boot/grub2/grub.cfg User Ownership
18
Rule
Severity: Medium
Verify /boot/grub2/grub.cfg Permissions
12
Rule
Severity: Medium
Verify the UEFI Boot Loader grub.cfg Group Ownership
12
Rule
Severity: Medium
Verify the UEFI Boot Loader grub.cfg User Ownership
12
Rule
Severity: Medium
Verify the UEFI Boot Loader grub.cfg Permissions
29
Rule
Severity: Medium
Ensure Log Files Are Owned By Appropriate Group
29
Rule
Severity: Medium
Ensure Log Files Are Owned By Appropriate User
29
Rule
Severity: Medium
Ensure System Log Files Have Correct Permissions
17
Rule
Severity: Medium
System Audit Logs Must Have Mode 0640 or Less Permissive
30
Rule
Severity: Medium
Verify that All World-Writable Directories Have Sticky Bits Set
18
Rule
Severity: Medium
Ensure All SGID Executables Are Authorized
18
Rule
Severity: Medium
Ensure All SUID Executables Are Authorized
30
Rule
Severity: Medium
Ensure No World-Writable Files Exist
22
Rule
Severity: Medium
Ensure All Files Are Owned by a Group
30
Rule
Severity: Medium
Enable Kernel Parameter to Enforce DAC on Hardlinks
30
Rule
Severity: Medium
Enable Kernel Parameter to Enforce DAC on Symlinks
30
Rule
Severity: Medium
Verify Group Who Owns group File
28
Rule
Severity: Medium
Verify Group Who Owns gshadow File
30
Rule
Severity: Medium
Verify Group Who Owns passwd File
30
Rule
Severity: Medium
Verify Group Who Owns shadow File
30
Rule
Severity: Medium
Verify User Who Owns group File
28
Rule
Severity: Medium
Verify User Who Owns gshadow File
30
Rule
Severity: Medium
Verify User Who Owns passwd File
30
Rule
Severity: Medium
Verify User Who Owns shadow File
30
Rule
Severity: Medium
Verify Permissions on group File
28
Rule
Severity: Medium
Verify Permissions on gshadow File
30
Rule
Severity: Medium
Verify Permissions on passwd File
30
Rule
Severity: Medium
Verify Permissions on shadow File
29
Rule
Severity: Medium
Verify that System Executables Have Root Ownership
29
Rule
Severity: Medium
Verify that Shared Library Files Have Root Ownership
29
Rule
Severity: Medium
Verify that System Executables Have Restrictive Permissions
29
Rule
Severity: Medium
Verify that Shared Library Files Have Restrictive Permissions
27
Rule
Severity: Medium
Add nodev Option to /dev/shm
27
Rule
Severity: Medium
Add nosuid Option to /dev/shm
20
Rule
Severity: Medium
Verify Group Who Owns cron.d
20
Rule
Severity: Medium
Verify Group Who Owns cron.daily
20
Rule
Severity: Medium
Verify Group Who Owns cron.hourly
20
Rule
Severity: Medium
Verify Group Who Owns cron.monthly
20
Rule
Severity: Medium
Verify Group Who Owns cron.weekly
20
Rule
Severity: Medium
Verify Group Who Owns Crontab
20
Rule
Severity: Medium
Verify Owner on cron.d
20
Rule
Severity: Medium
Verify Owner on cron.daily
20
Rule
Severity: Medium
Verify Owner on cron.hourly
20
Rule
Severity: Medium
Verify Owner on cron.monthly
20
Rule
Severity: Medium
Verify Owner on cron.weekly
20
Rule
Severity: Medium
Verify Owner on crontab
20
Rule
Severity: Medium
Verify Permissions on cron.d
20
Rule
Severity: Medium
Verify Permissions on cron.daily
20
Rule
Severity: Medium
Verify Permissions on cron.hourly
20
Rule
Severity: Medium
Verify Permissions on cron.monthly
20
Rule
Severity: Medium
Verify Permissions on cron.weekly
20
Rule
Severity: Medium
Verify Permissions on crontab
22
Rule
Severity: Medium
Verify Group Who Owns /etc/cron.allow file
22
Rule
Severity: Medium
Verify User Who Owns /etc/cron.allow file
18
Rule
Severity: Medium
Verify Group Who Owns SSH Server config file
18
Rule
Severity: Medium
Verify Owner on SSH Server config file
16
Rule
Severity: Medium
Verify /boot/grub2/user.cfg Group Ownership
20
Rule
Severity: Medium
Verify Permissions on SSH Server config file
29
Rule
Severity: Medium
Verify Permissions on SSH Server Private *_key Key Files
16
Rule
Severity: Medium
Verify /boot/grub2/user.cfg User Ownership
29
Rule
Severity: Medium
Verify Permissions on SSH Server Public *.pub Key Files
14
Rule
Severity: Medium
Verify /boot/grub2/user.cfg Permissions
6
Rule
Severity: Medium
Verify /boot/efi/EFI/redhat/user.cfg Group Ownership
7
Rule
Severity: Medium
Verify /boot/efi/EFI/redhat/user.cfg User Ownership
7
Rule
Severity: Medium
Verify /boot/efi/EFI/redhat/user.cfg Permissions
9
Rule
Severity: Medium
Ensure All World-Writable Directories Are Owned by a System Account
10
Rule
Severity: Medium
Ensure All World-Writable Directories Are Group Owned by a System Account
18
Rule
Severity: Medium
Ensure All Files Are Owned by a User
12
Rule
Severity: Medium
Add nodev Option to /boot
14
Rule
Severity: Medium
Add nosuid Option to /boot
17
Rule
Severity: Medium
Add noexec Option to /dev/shm
16
Rule
Severity: Medium
Add nosuid Option to /home
14
Rule
Severity: Medium
Add nodev Option to Non-Root Local Partitions
17
Rule
Severity: Medium
Add nodev Option to Removable Media Partitions
17
Rule
Severity: Medium
Add noexec Option to Removable Media Partitions
16
Rule
Severity: Medium
Add nosuid Option to Removable Media Partitions
17
Rule
Severity: Medium
Add nodev Option to /tmp
16
Rule
Severity: Medium
Add noexec Option to /tmp
17
Rule
Severity: Medium
Add nosuid Option to /tmp
13
Rule
Severity: Medium
Add nodev Option to /var/log/audit
13
Rule
Severity: Medium
Add noexec Option to /var/log/audit
13
Rule
Severity: Medium
Add nosuid Option to /var/log/audit
13
Rule
Severity: Medium
Add nodev Option to /var/log
15
Rule
Severity: Medium
Add noexec Option to /var/log
15
Rule
Severity: Medium
Add nosuid Option to /var/log
13
Rule
Severity: Medium
Add nodev Option to /var
10
Rule
Severity: Unknown
Bind Mount /var/tmp To /tmp
6
Rule
Severity: Unknown
Set Daemon Umask
5
Rule
Severity: Medium
Set Permissions on the /var/log/httpd/ Directory
7
Rule
Severity: Unknown
Set Permissions on All Configuration Files Inside /etc/httpd/conf.d/
7
Rule
Severity: Unknown
Set Permissions on All Configuration Files Inside /etc/httpd/conf/
7
Rule
Severity: Unknown
Set Permissions on All Configuration Files Inside /etc/httpd/conf.modules.d/
13
Rule
Severity: Medium
Mount Remote Filesystems with nosuid
6
Rule
Severity: Medium
System Audit Directories Must Be Group Owned By Root
6
Rule
Severity: Medium
System Audit Directories Must Be Owned By Root
11
Rule
Severity: Medium
System Audit Logs Must Be Group Owned By Root
4
Rule
Severity: Medium
Enable Kernel Parameter to Enforce DAC on FIFOs
4
Rule
Severity: Medium
Enable Kernel Parameter to Enforce DAC on Regular files
1
Rule
Severity: Medium
The Kubernetes Audit Logs Directory Must Have Mode 0700
1
Rule
Severity: Medium
The OAuth Audit Logs Directory Must Have Mode 0700
1
Rule
Severity: Medium
The OpenShift Audit Logs Directory Must Have Mode 0700
1
Rule
Severity: Medium
Kubernetes Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
OAuth Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
OpenShift Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
Kubernetes Audit Logs Must Have Mode 0600
1
Rule
Severity: Medium
OAuth Audit Logs Must Have Mode 0600
1
Rule
Severity: Medium
OpenShift Audit Logs Must Have Mode 0600
1
Rule
Severity: Medium
Limit Containers Ability to use the HostDir volume plugin
2
Rule
Severity: Medium
Verify /boot/grub/grub.cfg User Ownership
2
Rule
Severity: Medium
Verify /boot/grub/grub.cfg Permissions
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules