Capacity
AC-6(1)
13
Rule
Severity: High
Disable the GNOME3 Login Restart and Shutdown Buttons
13
Rule
Severity: High
Disable GDM Automatic Login
16
Rule
Severity: High
Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3
29
Rule
Severity: Medium
Ensure that User Home Directories are not Group-Writable or World-Readable
25
Rule
Severity: Medium
Ensure the Default Bash Umask is Set Correctly
31
Rule
Severity: Medium
Ensure the Default Umask is Set Correctly in login.defs
30
Rule
Severity: Medium
Ensure the Default Umask is Set Correctly in /etc/profile
30
Rule
Severity: Medium
System Audit Logs Must Have Mode 0750 or Less Permissive
43
Rule
Severity: Medium
System Audit Logs Must Be Owned By Root
16
Rule
Severity: High
Disable Ctrl-Alt-Del Burst Action
20
Rule
Severity: High
Disable Ctrl-Alt-Del Reboot Activation
15
Rule
Severity: Medium
Ensure the Default C Shell Umask is Set Correctly
23
Rule
Severity: Medium
Verify /boot/grub2/grub.cfg Group Ownership
23
Rule
Severity: Medium
Verify /boot/grub2/grub.cfg User Ownership
23
Rule
Severity: Medium
Verify /boot/grub2/grub.cfg Permissions
18
Rule
Severity: Medium
Verify the UEFI Boot Loader grub.cfg Group Ownership
18
Rule
Severity: Medium
Verify the UEFI Boot Loader grub.cfg User Ownership
18
Rule
Severity: Medium
Verify the UEFI Boot Loader grub.cfg Permissions
32
Rule
Severity: Medium
Ensure Log Files Are Owned By Appropriate Group
32
Rule
Severity: Medium
Ensure Log Files Are Owned By Appropriate User
33
Rule
Severity: Medium
Ensure System Log Files Have Correct Permissions
19
Rule
Severity: Medium
System Audit Logs Must Have Mode 0640 or Less Permissive
34
Rule
Severity: Medium
Verify that All World-Writable Directories Have Sticky Bits Set
21
Rule
Severity: Medium
Ensure All SGID Executables Are Authorized
21
Rule
Severity: Medium
Ensure All SUID Executables Are Authorized
33
Rule
Severity: Medium
Ensure No World-Writable Files Exist
28
Rule
Severity: Medium
Ensure All Files Are Owned by a Group
33
Rule
Severity: Medium
Enable Kernel Parameter to Enforce DAC on Hardlinks
33
Rule
Severity: Medium
Enable Kernel Parameter to Enforce DAC on Symlinks
34
Rule
Severity: Medium
Verify Group Who Owns group File
31
Rule
Severity: Medium
Verify Group Who Owns gshadow File
34
Rule
Severity: Medium
Verify Group Who Owns passwd File
34
Rule
Severity: Medium
Verify Group Who Owns shadow File
34
Rule
Severity: Medium
Verify User Who Owns group File
31
Rule
Severity: Medium
Verify User Who Owns gshadow File
34
Rule
Severity: Medium
Verify User Who Owns passwd File
34
Rule
Severity: Medium
Verify User Who Owns shadow File
34
Rule
Severity: Medium
Verify Permissions on group File
31
Rule
Severity: Medium
Verify Permissions on gshadow File
34
Rule
Severity: Medium
Verify Permissions on passwd File
34
Rule
Severity: Medium
Verify Permissions on shadow File
33
Rule
Severity: Medium
Verify that System Executables Have Root Ownership
32
Rule
Severity: Medium
Verify that Shared Library Files Have Root Ownership
33
Rule
Severity: Medium
Verify that System Executables Have Restrictive Permissions
32
Rule
Severity: Medium
Verify that Shared Library Files Have Restrictive Permissions
29
Rule
Severity: Medium
Add nodev Option to /dev/shm
29
Rule
Severity: Medium
Add nosuid Option to /dev/shm
23
Rule
Severity: Medium
Verify Group Who Owns cron.d
23
Rule
Severity: Medium
Verify Group Who Owns cron.daily
23
Rule
Severity: Medium
Verify Group Who Owns cron.hourly
23
Rule
Severity: Medium
Verify Group Who Owns cron.monthly
23
Rule
Severity: Medium
Verify Group Who Owns cron.weekly
23
Rule
Severity: Medium
Verify Group Who Owns Crontab
23
Rule
Severity: Medium
Verify Owner on cron.d
23
Rule
Severity: Medium
Verify Owner on cron.daily
23
Rule
Severity: Medium
Verify Owner on cron.hourly
23
Rule
Severity: Medium
Verify Owner on cron.monthly
23
Rule
Severity: Medium
Verify Owner on cron.weekly
23
Rule
Severity: Medium
Verify Owner on crontab
23
Rule
Severity: Medium
Verify Permissions on cron.d
23
Rule
Severity: Medium
Verify Permissions on cron.daily
23
Rule
Severity: Medium
Verify Permissions on cron.hourly
23
Rule
Severity: Medium
Verify Permissions on cron.monthly
23
Rule
Severity: Medium
Verify Permissions on cron.weekly
23
Rule
Severity: Medium
Verify Permissions on crontab
24
Rule
Severity: Medium
Verify Group Who Owns /etc/cron.allow file
24
Rule
Severity: Medium
Verify User Who Owns /etc/cron.allow file
24
Rule
Severity: Medium
Verify Group Who Owns SSH Server config file
24
Rule
Severity: Medium
Verify Owner on SSH Server config file
27
Rule
Severity: Medium
Verify /boot/grub2/user.cfg Group Ownership
26
Rule
Severity: Medium
Verify Permissions on SSH Server config file
34
Rule
Severity: Medium
Verify Permissions on SSH Server Private *_key Key Files
27
Rule
Severity: Medium
Verify /boot/grub2/user.cfg User Ownership
33
Rule
Severity: Medium
Verify Permissions on SSH Server Public *.pub Key Files
26
Rule
Severity: Medium
Verify /boot/grub2/user.cfg Permissions
7
Rule
Severity: Medium
Verify /boot/efi/EFI/redhat/user.cfg Group Ownership
7
Rule
Severity: Medium
Verify /boot/efi/EFI/redhat/user.cfg User Ownership
7
Rule
Severity: Medium
Verify /boot/efi/EFI/redhat/user.cfg Permissions
9
Rule
Severity: Medium
Ensure All World-Writable Directories Are Owned by a System Account
11
Rule
Severity: Medium
Ensure All World-Writable Directories Are Group Owned by a System Account
24
Rule
Severity: Medium
Ensure All Files Are Owned by a User
14
Rule
Severity: Medium
Add nodev Option to /boot
18
Rule
Severity: Medium
Add nosuid Option to /boot
19
Rule
Severity: Medium
Add noexec Option to /dev/shm
21
Rule
Severity: Medium
Add nosuid Option to /home
18
Rule
Severity: Medium
Add nodev Option to Non-Root Local Partitions
19
Rule
Severity: Medium
Add nodev Option to Removable Media Partitions
19
Rule
Severity: Medium
Add noexec Option to Removable Media Partitions
19
Rule
Severity: Medium
Add nosuid Option to Removable Media Partitions
19
Rule
Severity: Medium
Add nodev Option to /tmp
20
Rule
Severity: Medium
Add noexec Option to /tmp
21
Rule
Severity: Medium
Add nosuid Option to /tmp
15
Rule
Severity: Medium
Add nodev Option to /var/log/audit
15
Rule
Severity: Medium
Add noexec Option to /var/log/audit
15
Rule
Severity: Medium
Add nosuid Option to /var/log/audit
15
Rule
Severity: Medium
Add nodev Option to /var/log
19
Rule
Severity: Medium
Add noexec Option to /var/log
19
Rule
Severity: Medium
Add nosuid Option to /var/log
15
Rule
Severity: Medium
Add nodev Option to /var
10
Rule
Severity: Unknown
Bind Mount /var/tmp To /tmp
6
Rule
Severity: Unknown
Set Daemon Umask
5
Rule
Severity: Medium
Set Permissions on the /var/log/httpd/ Directory
7
Rule
Severity: Unknown
Set Permissions on All Configuration Files Inside /etc/httpd/conf.d/
7
Rule
Severity: Unknown
Set Permissions on All Configuration Files Inside /etc/httpd/conf/
7
Rule
Severity: Unknown
Set Permissions on All Configuration Files Inside /etc/httpd/conf.modules.d/
16
Rule
Severity: Medium
Mount Remote Filesystems with nosuid
8
Rule
Severity: Medium
System Audit Directories Must Be Group Owned By Root
8
Rule
Severity: Medium
System Audit Directories Must Be Owned By Root
13
Rule
Severity: Medium
System Audit Logs Must Be Group Owned By Root
8
Rule
Severity: Medium
Enable Kernel Parameter to Enforce DAC on FIFOs
8
Rule
Severity: Medium
Enable Kernel Parameter to Enforce DAC on Regular files
1
Rule
Severity: Medium
The Kubernetes Audit Logs Directory Must Have Mode 0700
1
Rule
Severity: Medium
The OAuth Audit Logs Directory Must Have Mode 0700
1
Rule
Severity: Medium
The OpenShift Audit Logs Directory Must Have Mode 0700
1
Rule
Severity: Medium
Kubernetes Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
OAuth Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
OpenShift Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
Kubernetes Audit Logs Must Have Mode 0600
1
Rule
Severity: Medium
OAuth Audit Logs Must Have Mode 0600
1
Rule
Severity: Medium
OpenShift Audit Logs Must Have Mode 0600
1
Rule
Severity: Medium
Limit Containers Ability to use the HostDir volume plugin
3
Rule
Severity: Medium
Verify /boot/grub/grub.cfg User Ownership
3
Rule
Severity: Medium
Verify /boot/grub/grub.cfg Permissions
1
Rule
Severity: Medium
Verify /boot/grub/grub.cfg Group Ownership
1
Rule
Severity: Medium
Verify /boot/grub/user.cfg Group Ownership
1
Rule
Severity: Medium
Verify /boot/grub/user.cfg User Ownership
1
Rule
Severity: Medium
Verify /boot/grub/user.cfg Permissions
1
Rule
Severity: Medium
Verify /boot/efi/EFI/sles/user.cfg Group Ownership
1
Rule
Severity: Medium
Verify /boot/efi/EFI/sles/user.cfg User Ownership
1
Rule
Severity: Medium
Verify /boot/efi/EFI/sles/user.cfg Permissions
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules