Capacity
CM-6(a)
29
Rule
Severity: Medium
Harden SSH client Crypto Policy
19
Rule
Severity: High
The Installed Operating System Is FIPS 140-2 Certified
1
Rule
Severity: Medium
Ensure that File Integrity Operator is scanning the cluster
7
Rule
Severity: Medium
Disable Prelinking
20
Rule
Severity: High
Verify and Correct File Permissions with RPM
26
Rule
Severity: Medium
Install AIDE
20
Rule
Severity: Medium
Configure Periodic Execution of AIDE
17
Rule
Severity: High
Configure System Cryptography Policy
16
Rule
Severity: High
Configure Libreswan to use System Crypto Policy
16
Rule
Severity: Medium
Configure OpenSSL library to use System Crypto Policy
16
Rule
Severity: Medium
Configure SSH to use System Crypto Policy
22
Rule
Severity: Medium
Build and Test AIDE Database
12
Rule
Severity: Medium
Configure Notification of Post-AIDE Scan Details
10
Rule
Severity: Medium
Configure AIDE to Use FIPS 140-2 for Validating Hashes
13
Rule
Severity: Low
Configure AIDE to Verify Access Control Lists (ACLs)
13
Rule
Severity: Low
Configure AIDE to Verify Extended Attributes
29
Rule
Severity: Medium
Install the Host Intrusion Prevention System (HIPS) Module
27
Rule
Severity: Low
Ensure /home Located On Separate Partition
27
Rule
Severity: Low
Ensure /tmp Located On Separate Partition
27
Rule
Severity: Low
Ensure /var Located On Separate Partition
27
Rule
Severity: Low
Ensure /var/log Located On Separate Partition
5
Rule
Severity: Medium
Install the dracut-fips-aesni Package
5
Rule
Severity: Medium
Install the dracut-fips Package
13
Rule
Severity: High
Ensure '/etc/system-fips' exists
27
Rule
Severity: Low
Ensure /var/log/audit Located On Separate Partition
29
Rule
Severity: Medium
Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate
5
Rule
Severity: High
Enable FIPS Mode in GRUB2
12
Rule
Severity: Medium
Harden SSHD Crypto Policy
15
Rule
Severity: High
The Installed Operating System Is Vendor Supported
9
Rule
Severity: High
Install Virus Scanning Software
29
Rule
Severity: Medium
Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD
29
Rule
Severity: Medium
Ensure Users Re-Authenticate for Privilege Escalation - sudo
14
Rule
Severity: High
Install Intrusion Detection Software
5
Rule
Severity: Medium
Enable nails Service
8
Rule
Severity: High
Install McAfee Virus Scanning Software
14
Rule
Severity: High
Ensure gpgcheck Enabled In Main yum Configuration
13
Rule
Severity: High
Ensure Red Hat GPG Key Installed
21
Rule
Severity: Medium
Ensure Software Patches Installed
5
Rule
Severity: Medium
Virus Scanning Software Definitions Are Updated
7
Rule
Severity: Medium
Install the Asset Configuration Compliance Module (ACCM)
7
Rule
Severity: Medium
Install the Policy Auditor (PA) Module
15
Rule
Severity: High
Encrypt Partitions
18
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Different Categories
20
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Length
19
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session
20
Rule
Severity: Medium
Set PAM''s Password Hashing Algorithm
18
Rule
Severity: Medium
Require Authentication for Emergency Systemd Target
13
Rule
Severity: Medium
Remove the GDM Package Group
11
Rule
Severity: High
Disable the GNOME3 Login Restart and Shutdown Buttons
15
Rule
Severity: Medium
Disable the GNOME3 Login User List
11
Rule
Severity: High
Disable GDM Automatic Login
8
Rule
Severity: High
Disable GDM Guest Login
11
Rule
Severity: Medium
Disable GNOME3 Automounting
18
Rule
Severity: Medium
Require Authentication for Single User Mode
22
Rule
Severity: Medium
Set Account Expiration Following Inactivity
12
Rule
Severity: Medium
Disable GNOME3 Automount Opening
12
Rule
Severity: Low
Disable GNOME3 Automount running
10
Rule
Severity: Unknown
Disable All GNOME3 Thumbnailers
12
Rule
Severity: Medium
Require Encryption for Remote Access in GNOME3
30
Rule
Severity: Medium
Set Password Maximum Age
27
Rule
Severity: Medium
Set Password Minimum Age
13
Rule
Severity: Medium
Enable GNOME3 Screensaver Idle Activation
10
Rule
Severity: Medium
Ensure Users Cannot Change GNOME3 Screensaver Idle Activation
11
Rule
Severity: Medium
Set GNOME3 Screensaver Inactivity Timeout
29
Rule
Severity: Medium
Set Password Minimum Length in login.defs
20
Rule
Severity: Medium
Set Existing Passwords Maximum Age
17
Rule
Severity: Medium
Set Existing Passwords Minimum Age
30
Rule
Severity: Medium
Set Password Warning Age
29
Rule
Severity: Medium
Verify All Account Password Hashes are Shadowed
12
Rule
Severity: Medium
Set GNOME3 Screensaver Lock Delay After Activation Period
14
Rule
Severity: Medium
Enable GNOME3 Screensaver Lock After Idle Period
11
Rule
Severity: Medium
Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period
30
Rule
Severity: Low
All GIDs referenced in /etc/passwd must be defined in /etc/group
29
Rule
Severity: High
Prevent Login to Accounts With Empty Password
13
Rule
Severity: Medium
Implement Blank Screensaver
11
Rule
Severity: Medium
Ensure Users Cannot Change GNOME3 Screensaver Settings
13
Rule
Severity: Medium
Ensure Users Cannot Change GNOME3 Session Idle Settings
28
Rule
Severity: Medium
Verify No netrc Files Exist
13
Rule
Severity: High
Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3
18
Rule
Severity: Medium
Install sudo Package
29
Rule
Severity: Medium
Direct root Logins Not Allowed
21
Rule
Severity: Medium
Ensure that System Accounts Do Not Run a Shell Upon Login
29
Rule
Severity: Medium
Restrict Serial Port Root Logins
29
Rule
Severity: Medium
Restrict Virtual Console Root Logins
30
Rule
Severity: Medium
Ensure the Logon Failure Delay is Set Correctly in login.defs
29
Rule
Severity: Low
Limit the Number of Concurrent Login Sessions Allowed Per User
22
Rule
Severity: Medium
Set Interactive Session Timeout
9
Rule
Severity: Low
Ensure yum Removes Previous Package Versions
58
Rule
Severity: Medium
Ensure that User Home Directories are not Group-Writable or World-Readable
54
Rule
Severity: Medium
Ensure that Root's Path Does Not Include World or Group-Writable Directories
54
Rule
Severity: Unknown
Ensure that Root's Path Does Not Include Relative Paths or Null Directories
20
Rule
Severity: Medium
Ensure the Default Bash Umask is Set Correctly
27
Rule
Severity: Medium
Ensure the Default Umask is Set Correctly in login.defs
27
Rule
Severity: Medium
Ensure the Default Umask is Set Correctly in /etc/profile
28
Rule
Severity: Medium
Ensure the audit Subsystem is Installed
14
Rule
Severity: High
Ensure gpgcheck Enabled for Local Packages
10
Rule
Severity: High
Ensure gpgcheck Enabled for All yum Package Repositories
8
Rule
Severity: High
Ensure gpgcheck Enabled for Repository Metadata
29
Rule
Severity: Medium
Enable auditd Service
30
Rule
Severity: Medium
Make the auditd Configuration Immutable
30
Rule
Severity: Medium
Record Events that Modify the System's Mandatory Access Controls
30
Rule
Severity: Medium
Record Events that Modify the System's Mandatory Access Controls in usr/share
29
Rule
Severity: Medium
Ensure auditd Collects Information on Exporting to Media (successful)
30
Rule
Severity: Medium
Record Events that Modify the System's Network Environment
30
Rule
Severity: Medium
Record Attempts to Alter Process and Session Initiation Information
15
Rule
Severity: Medium
Lock Accounts After Failed Password Attempts
12
Rule
Severity: Medium
Configure the root Account for Failed Password Attempts
14
Rule
Severity: Medium
Set Interval For Counting Failed Password Attempts
28
Rule
Severity: Medium
Ensure auditd Collects System Administrator Actions
15
Rule
Severity: Medium
Set Lockout Time for Failed Password Attempts
29
Rule
Severity: Medium
Record Events that Modify User/Group Information
16
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Digit Characters
13
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Different Characters
16
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters
29
Rule
Severity: Medium
System Audit Logs Must Have Mode 0750 or Less Permissive
40
Rule
Severity: Medium
System Audit Logs Must Be Owned By Root
12
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Maximum Consecutive Repeating Characters from Same Character Class
12
Rule
Severity: Medium
Set Password Maximum Consecutive Repeating Characters
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - chmod
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - chown
16
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Special Characters
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchmod
16
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchmodat
14
Rule
Severity: Medium
Set Password Hashing Algorithm in /etc/libuser.conf
16
Rule
Severity: Medium
Set Password Hashing Algorithm in /etc/login.defs
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchown
13
Rule
Severity: Medium
Set PAM''s Password Hashing Algorithm - password-auth
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchownat
28
Rule
Severity: High
Disable Ctrl-Alt-Del Burst Action
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fremovexattr
17
Rule
Severity: High
Disable Ctrl-Alt-Del Reboot Activation
15
Rule
Severity: Medium
Verify that Interactive Boot is Disabled
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fsetxattr
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lchown
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lremovexattr
5
Rule
Severity: Medium
Install the screen Package
13
Rule
Severity: Medium
Install the opensc Package For Multifactor Authentication
12
Rule
Severity: Medium
Install the pcsc-lite package
14
Rule
Severity: Medium
Install Smart Card Packages For Multifactor Authentication
14
Rule
Severity: Medium
Enable the pcscd Service
14
Rule
Severity: Medium
Configure opensc Smart Card Drivers
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lsetxattr
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - removexattr
5
Rule
Severity: Medium
Configure NSS DB To Use opensc
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - setxattr
14
Rule
Severity: Medium
Force opensc To Use Defined Smart Card Driver
5
Rule
Severity: Medium
Enable Smart Card Login
23
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User
29
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - rename
11
Rule
Severity: Medium
Assign Expiration Date to Emergency Accounts
16
Rule
Severity: Medium
Assign Expiration Date to Temporary Accounts
29
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - renameat
29
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - rmdir
29
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - unlink
8
Rule
Severity: Medium
Set Existing Passwords Warning Age
29
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - unlinkat
9
Rule
Severity: Medium
Set existing passwords a period of inactivity before they been locked
23
Rule
Severity: Medium
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)
22
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - creat
22
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - ftruncate
22
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - open
23
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - open_by_handle_at
22
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - openat
23
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - truncate
14
Rule
Severity: Medium
Ensure that System Accounts Are Locked
23
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading and Unloading
8
Rule
Severity: Unknown
Root Path Must Be Vendor Default
21
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Unloading - delete_module
22
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module
21
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading - init_module
13
Rule
Severity: Medium
Ensure the Default C Shell Umask is Set Correctly
29
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands
30
Rule
Severity: Medium
Record attempts to alter time through adjtimex
3
Rule
Severity: Medium
Ensure the audit-libs package as a part of audit Subsystem is Installed
30
Rule
Severity: Medium
Record Attempts to Alter Time Through clock_settime
30
Rule
Severity: Medium
Record attempts to alter time through settimeofday
29
Rule
Severity: Medium
Record Attempts to Alter Time Through stime
29
Rule
Severity: Medium
Record Attempts to Alter the localtime File
19
Rule
Severity: Low
Enable Auditing for Processes Which Start Prior to the Audit Daemon
17
Rule
Severity: Low
Extend Audit Backlog Limit for the Audit Daemon
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/group
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/group
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/gshadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/gshadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/passwd
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd
29
Rule
Severity: Medium
Configure auditd to use audispd's syslog plugin
59
Rule
Severity: Medium
Configure auditd Disk Error Action on Disk Error
58
Rule
Severity: Medium
Configure auditd Disk Full Action when Disk Space Is Full
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/passwd
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/shadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/shadow
26
Rule
Severity: Medium
Configure auditd mail_acct Action on Low Disk Space
30
Rule
Severity: Medium
Configure auditd admin_space_left Action on Low Disk Space
28
Rule
Severity: Medium
Configure auditd Max Log File Size
57
Rule
Severity: Medium
Configure auditd max_log_file_action Upon Reaching Maximum Log Size
30
Rule
Severity: Medium
Configure auditd Number of Logs Retained
30
Rule
Severity: Medium
Configure auditd space_left Action on Low Disk Space
19
Rule
Severity: Medium
Verify /boot/grub2/grub.cfg Group Ownership
19
Rule
Severity: Medium
Verify /boot/grub2/grub.cfg User Ownership
18
Rule
Severity: Medium
Verify /boot/grub2/grub.cfg Permissions
12
Rule
Severity: Medium
Shutdown System When Auditing Failures Occur
20
Rule
Severity: High
Set Boot Loader Password in grub2
12
Rule
Severity: Medium
Verify the UEFI Boot Loader grub.cfg Group Ownership
12
Rule
Severity: Medium
Verify the UEFI Boot Loader grub.cfg User Ownership
12
Rule
Severity: Medium
Verify the UEFI Boot Loader grub.cfg Permissions
20
Rule
Severity: High
Set the UEFI Boot Loader Password
27
Rule
Severity: Medium
Ensure rsyslog is Installed
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/group
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/gshadow
28
Rule
Severity: Medium
Enable rsyslog Service
19
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/security/opasswd
29
Rule
Severity: Medium
Ensure Log Files Are Owned By Appropriate Group
29
Rule
Severity: Medium
Ensure Log Files Are Owned By Appropriate User
29
Rule
Severity: Medium
Ensure System Log Files Have Correct Permissions
29
Rule
Severity: Medium
Ensure logrotate is Installed
29
Rule
Severity: Medium
Ensure Logrotate Runs Periodically
29
Rule
Severity: Medium
Ensure syslog-ng is Installed
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/passwd
29
Rule
Severity: Medium
Enable syslog-ng Service
30
Rule
Severity: Unknown
Enable rsyslog to Accept Messages via TCP, if Acting As Log Server
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/shadow
12
Rule
Severity: Medium
Record Access Events to Audit Log Directory
30
Rule
Severity: Unknown
Enable rsyslog to Accept Messages via UDP, if Acting As Log Server
27
Rule
Severity: Medium
Ensure Logs Sent To Remote Host
16
Rule
Severity: Medium
Install firewalld Package
20
Rule
Severity: Medium
Verify firewalld Enabled
20
Rule
Severity: Medium
Install libreswan Package
17
Rule
Severity: Medium
System Audit Logs Must Have Mode 0640 or Less Permissive
30
Rule
Severity: Medium
Verify ip6tables Enabled if Using IPv6
30
Rule
Severity: Medium
Verify iptables Enabled
29
Rule
Severity: Medium
Set Default ip6tables Policy for Incoming Packets
30
Rule
Severity: Medium
Set Default iptables Policy for Incoming Packets
29
Rule
Severity: Medium
Set Default iptables Policy for Forwarded Packets
29
Rule
Severity: Medium
Disable IPv6 Networking Support Automatic Loading
29
Rule
Severity: Medium
Disable IPv6 Addressing on All IPv6 Interfaces
29
Rule
Severity: Medium
Disable IPv6 Addressing on IPv6 Interfaces by Default
18
Rule
Severity: Medium
Configure Accepting Router Advertisements on All IPv6 Interfaces
20
Rule
Severity: Medium
Disable Accepting ICMP Redirects for All IPv6 Interfaces
20
Rule
Severity: Medium
Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces
19
Rule
Severity: Medium
Disable Kernel Parameter for IPv6 Forwarding
19
Rule
Severity: Medium
Disable Accepting Router Advertisements on all IPv6 Interfaces by Default
17
Rule
Severity: Medium
Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces
22
Rule
Severity: Medium
Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default
20
Rule
Severity: Medium
Disable Accepting ICMP Redirects for All IPv4 Interfaces
20
Rule
Severity: Medium
Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces
22
Rule
Severity: Medium
Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces
15
Rule
Severity: Medium
Record Any Attempts to Run chcon
22
Rule
Severity: Medium
Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces
14
Rule
Severity: Medium
Record Any Attempts to Run restorecon
14
Rule
Severity: Medium
Record Any Attempts to Run semanage
21
Rule
Severity: Medium
Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces
13
Rule
Severity: Medium
Record Any Attempts to Run setfiles
14
Rule
Severity: Medium
Record Any Attempts to Run setsebool
12
Rule
Severity: Medium
Record Any Attempts to Run seunshare
20
Rule
Severity: Medium
Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default
22
Rule
Severity: Medium
Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces
22
Rule
Severity: Medium
Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces
22
Rule
Severity: Medium
Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default
21
Rule
Severity: Medium
Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - chmod
11
Rule
Severity: Medium
Record Unsuccessful Ownership Changes to Files - chown
19
Rule
Severity: Medium
Disable DCCP Support
28
Rule
Severity: Low
Disable RDS Support
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - fchmod
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - fchmodat
11
Rule
Severity: Medium
Record Unsuccessful Ownership Changes to Files - fchown
11
Rule
Severity: Medium
Record Unsuccessful Ownership Changes to Files - fchownat
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - fremovexattr
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - fsetxattr
22
Rule
Severity: Medium
Disable SCTP Support
29
Rule
Severity: Low
Disable TIPC Support
21
Rule
Severity: Medium
Deactivate Wireless Network Interfaces
11
Rule
Severity: Medium
Record Unsuccessful Ownership Changes to Files - lchown
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - lremovexattr
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - lsetxattr
30
Rule
Severity: Medium
Verify that All World-Writable Directories Have Sticky Bits Set
18
Rule
Severity: Medium
Ensure All SGID Executables Are Authorized
18
Rule
Severity: Medium
Ensure All SUID Executables Are Authorized
30
Rule
Severity: Medium
Ensure No World-Writable Files Exist
22
Rule
Severity: Medium
Ensure All Files Are Owned by a Group
30
Rule
Severity: Medium
Enable Kernel Parameter to Enforce DAC on Hardlinks
30
Rule
Severity: Medium
Enable Kernel Parameter to Enforce DAC on Symlinks
11
Rule
Severity: Medium
Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT
11
Rule
Severity: Medium
Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE
30
Rule
Severity: Medium
Verify Group Who Owns group File
28
Rule
Severity: Medium
Verify Group Who Owns gshadow File
11
Rule
Severity: Medium
Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly
30
Rule
Severity: Medium
Verify Group Who Owns passwd File
30
Rule
Severity: Medium
Verify Group Who Owns shadow File
11
Rule
Severity: Medium
Record Unsuccessful Creation Attempts to Files - open O_CREAT
30
Rule
Severity: Medium
Verify User Who Owns group File
28
Rule
Severity: Medium
Verify User Who Owns gshadow File
11
Rule
Severity: Medium
Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE
30
Rule
Severity: Medium
Verify User Who Owns passwd File
30
Rule
Severity: Medium
Verify User Who Owns shadow File
11
Rule
Severity: Medium
Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly
30
Rule
Severity: Medium
Verify Permissions on group File
28
Rule
Severity: Medium
Verify Permissions on gshadow File
30
Rule
Severity: Medium
Verify Permissions on passwd File
30
Rule
Severity: Medium
Verify Permissions on shadow File
11
Rule
Severity: Medium
Record Unsuccessful Creation Attempts to Files - openat O_CREAT
11
Rule
Severity: Medium
Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE
29
Rule
Severity: Medium
Verify that System Executables Have Root Ownership
29
Rule
Severity: Medium
Verify that Shared Library Files Have Root Ownership
11
Rule
Severity: Medium
Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - removexattr
29
Rule
Severity: Medium
Verify that System Executables Have Restrictive Permissions
29
Rule
Severity: Medium
Verify that Shared Library Files Have Restrictive Permissions
13
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - rename
23
Rule
Severity: Medium
Disable the Automounter
13
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - renameat
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - setxattr
27
Rule
Severity: Medium
Add nodev Option to /dev/shm
27
Rule
Severity: Medium
Add nosuid Option to /dev/shm
30
Rule
Severity: Medium
Restrict Exposed Kernel Pointer Addresses Access
13
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - unlink
13
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - unlinkat
30
Rule
Severity: Medium
Enable Randomized Layout of Virtual Address Space
18
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events
20
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - faillock
23
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - lastlog
21
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - tallylog
14
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - at
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - chage
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - chsh
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - crontab
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd
29
Rule
Severity: Low
Disable Avahi Publishing
20
Rule
Severity: Medium
Disable Avahi Server Software
16
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - mount
13
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap
13
Rule
Severity: Medium
Disable Automatic Bug Reporting Tool (abrtd)
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newgrp
13
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap
15
Rule
Severity: Low
Disable Apache Qpid (qpidd)
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - passwd
15
Rule
Severity: Medium
Disable Network Router Discovery Daemon (rdisc)
29
Rule
Severity: Medium
Install the cron service
45
Rule
Severity: Medium
Enable cron Service
16
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - postdrop
16
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - postqueue
11
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown
16
Rule
Severity: Medium
Disable At Service (atd)
20
Rule
Severity: Medium
Verify Group Who Owns cron.d
20
Rule
Severity: Medium
Verify Group Who Owns cron.daily
20
Rule
Severity: Medium
Verify Group Who Owns cron.hourly
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign
20
Rule
Severity: Medium
Verify Group Who Owns cron.monthly
20
Rule
Severity: Medium
Verify Group Who Owns cron.weekly
20
Rule
Severity: Medium
Verify Group Who Owns Crontab
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - su
18
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - sudo
15
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit
20
Rule
Severity: Medium
Verify Owner on cron.d
20
Rule
Severity: Medium
Verify Owner on cron.daily
20
Rule
Severity: Medium
Verify Owner on cron.hourly
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - umount
20
Rule
Severity: Medium
Verify Owner on cron.monthly
20
Rule
Severity: Medium
Verify Owner on cron.weekly
20
Rule
Severity: Medium
Verify Owner on crontab
20
Rule
Severity: Medium
Verify Permissions on cron.d
20
Rule
Severity: Medium
Verify Permissions on cron.daily
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd
14
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - userhelper
12
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl
20
Rule
Severity: Medium
Verify Permissions on cron.hourly
20
Rule
Severity: Medium
Verify Permissions on cron.monthly
20
Rule
Severity: Medium
Verify Permissions on cron.weekly
20
Rule
Severity: Medium
Verify Permissions on crontab
22
Rule
Severity: Medium
Verify Group Who Owns /etc/cron.allow file
22
Rule
Severity: Medium
Verify User Who Owns /etc/cron.allow file
29
Rule
Severity: High
Uninstall the inet-based telnet server
29
Rule
Severity: High
Uninstall the ssl compliant telnet server
29
Rule
Severity: High
Uninstall the telnet server
29
Rule
Severity: Unknown
Minimize Served Information
14
Rule
Severity: Medium
Configure audispd's Plugin disk_full_action When Disk Is Full
14
Rule
Severity: Medium
Encrypt Audit Records Sent With audispd Plugin
12
Rule
Severity: Medium
Configure audispd's Plugin network_failure_action On Network Failure
13
Rule
Severity: Medium
Disable DHCP Service
22
Rule
Severity: Low
Uninstall bind Package
13
Rule
Severity: Medium
Disable named Service
12
Rule
Severity: Medium
Disable vsftpd Service
12
Rule
Severity: Unknown
Disable httpd Service
28
Rule
Severity: Medium
Configure System to Forward All Mail For The Root Account
13
Rule
Severity: Medium
Configure auditd admin_space_left on Low Disk Space
14
Rule
Severity: Medium
Configure auditd flush priority
14
Rule
Severity: Unknown
Disable Network File System (nfs)
29
Rule
Severity: High
Install the ntp service
30
Rule
Severity: Medium
A remote time server for Chrony is configured
26
Rule
Severity: Medium
Configure auditd space_left on Low Disk Space
27
Rule
Severity: High
Remove Rsh Trust Files
14
Rule
Severity: Unknown
Disable the CUPS Service
29
Rule
Severity: Medium
Install the OpenSSH Server Package
18
Rule
Severity: Medium
Verify Group Who Owns SSH Server config file
18
Rule
Severity: Medium
Verify Owner on SSH Server config file
16
Rule
Severity: Medium
Verify /boot/grub2/user.cfg Group Ownership
20
Rule
Severity: Medium
Verify Permissions on SSH Server config file
29
Rule
Severity: Medium
Verify Permissions on SSH Server Private *_key Key Files
16
Rule
Severity: Medium
Verify /boot/grub2/user.cfg User Ownership
29
Rule
Severity: Medium
Verify Permissions on SSH Server Public *.pub Key Files
14
Rule
Severity: Medium
Verify /boot/grub2/user.cfg Permissions
29
Rule
Severity: Medium
Set SSH Client Alive Count Max to zero
29
Rule
Severity: Medium
Set SSH Client Alive Count Max
12
Rule
Severity: High
Set the Boot Loader Admin Username to a Non-Default Value
58
Rule
Severity: Medium
Set SSH Client Alive Interval
6
Rule
Severity: Medium
Verify /boot/efi/EFI/redhat/user.cfg Group Ownership
7
Rule
Severity: Medium
Verify /boot/efi/EFI/redhat/user.cfg User Ownership
30
Rule
Severity: Medium
Disable Host-Based Authentication
29
Rule
Severity: High
Allow Only SSH Protocol 2
29
Rule
Severity: Medium
Disable Compression Or Set Compression to delayed
7
Rule
Severity: Medium
Verify /boot/efi/EFI/redhat/user.cfg Permissions
29
Rule
Severity: High
Disable SSH Access via Empty Passwords
13
Rule
Severity: Medium
Set the UEFI Boot Loader Admin Username to a Non-Default Value
29
Rule
Severity: Medium
Disable GSSAPI Authentication
29
Rule
Severity: Medium
Disable Kerberos Authentication
30
Rule
Severity: Medium
Disable SSH Support for .rhosts Files
29
Rule
Severity: Medium
Disable SSH Support for Rhosts RSA Authentication
30
Rule
Severity: Medium
Disable SSH Root Login
30
Rule
Severity: Medium
Disable SSH Support for User Known Hosts
29
Rule
Severity: Medium
Do Not Allow SSH Environment Options
29
Rule
Severity: Medium
Enable Use of Strict Mode Checking
57
Rule
Severity: Medium
Enable SSH Warning Banner
13
Rule
Severity: Medium
Ensure cron Is Logging To Rsyslog
29
Rule
Severity: High
Enable Encrypted X11 Forwarding
29
Rule
Severity: Unknown
Limit Users' SSH Access
29
Rule
Severity: Low
Set LogLevel to INFO
30
Rule
Severity: Medium
Set SSH Daemon LogLevel to VERBOSE
29
Rule
Severity: Medium
Enable Use of Privilege Separation
11
Rule
Severity: Medium
Enable logrotate Timer
16
Rule
Severity: Medium
Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server
12
Rule
Severity: Medium
Configure TLS for rsyslog remote logging
11
Rule
Severity: Medium
Configure Multiple DNS Servers in /etc/resolv.conf
5
Rule
Severity: Medium
Disable Client Dynamic DNS Updates
6
Rule
Severity: Unknown
Disable Zeroconf Networking
10
Rule
Severity: Medium
Prevent non-Privileged Users from Modifying Network Interfaces using nmcli
13
Rule
Severity: Medium
Ensure System is Not Acting as a Network Sniffer
11
Rule
Severity: Medium
Configure the Firewalld Ports
4
Rule
Severity: Medium
Configure firewalld To Rate Limit Connections
14
Rule
Severity: Medium
Set Default firewalld Zone for Incoming Packets
13
Rule
Severity: Medium
Verify Any Configured IPSec Tunnel Connections
18
Rule
Severity: Medium
Install iptables Package
9
Rule
Severity: Unknown
Disable Support for RPC IPv6
10
Rule
Severity: Medium
Disable Bluetooth Service
13
Rule
Severity: Medium
Disable Bluetooth Kernel Module
7
Rule
Severity: Unknown
Disable WiFi or Bluetooth in BIOS
9
Rule
Severity: Medium
Ensure All World-Writable Directories Are Owned by a System Account
10
Rule
Severity: Medium
Ensure All World-Writable Directories Are Group Owned by a System Account
18
Rule
Severity: Medium
Ensure All Files Are Owned by a User
7
Rule
Severity: Unknown
Disable Booting from USB Devices in Boot Firmware
8
Rule
Severity: Unknown
Disable Kernel Support for USB via Bootloader Configuration
18
Rule
Severity: Low
Disable Mounting of cramfs
15
Rule
Severity: Low
Disable Mounting of freevxfs
14
Rule
Severity: Low
Disable Mounting of hfs
14
Rule
Severity: Low
Disable Mounting of hfsplus
15
Rule
Severity: Low
Disable Mounting of jffs2
14
Rule
Severity: Low
Disable Mounting of squashfs
14
Rule
Severity: Low
Disable Mounting of udf
19
Rule
Severity: Medium
Disable Modprobe Loading of USB Storage Driver
12
Rule
Severity: Low
Disable Mounting of vFAT filesystems
12
Rule
Severity: Medium
Add nodev Option to /boot
14
Rule
Severity: Medium
Add nosuid Option to /boot
17
Rule
Severity: Medium
Add noexec Option to /dev/shm
16
Rule
Severity: Medium
Add nosuid Option to /home
14
Rule
Severity: Medium
Add nodev Option to Non-Root Local Partitions
17
Rule
Severity: Medium
Add nodev Option to Removable Media Partitions
17
Rule
Severity: Medium
Add noexec Option to Removable Media Partitions
16
Rule
Severity: Medium
Add nosuid Option to Removable Media Partitions
17
Rule
Severity: Medium
Add nodev Option to /tmp
16
Rule
Severity: Medium
Add noexec Option to /tmp
17
Rule
Severity: Medium
Add nosuid Option to /tmp
13
Rule
Severity: Medium
Add nodev Option to /var/log/audit
13
Rule
Severity: Medium
Add noexec Option to /var/log/audit
13
Rule
Severity: Medium
Add nosuid Option to /var/log/audit
13
Rule
Severity: Medium
Add nodev Option to /var/log
15
Rule
Severity: Medium
Add noexec Option to /var/log
15
Rule
Severity: Medium
Add nosuid Option to /var/log
13
Rule
Severity: Medium
Add nodev Option to /var
10
Rule
Severity: Unknown
Bind Mount /var/tmp To /tmp
6
Rule
Severity: Unknown
Set Daemon Umask
12
Rule
Severity: Medium
Enable ExecShield via sysctl
16
Rule
Severity: Medium
Enable NX or XD Support in the BIOS
11
Rule
Severity: Unknown
Install PAE Kernel on Supported 32-bit x86 Systems
12
Rule
Severity: Medium
Enable page allocator poisoning
12
Rule
Severity: Medium
Enable SLUB/SLAB allocator poisoning
11
Rule
Severity: Medium
Ensure No Device Files are Unlabeled by SELinux
17
Rule
Severity: Medium
Ensure No Daemons are Unconfined by SELinux
10
Rule
Severity: Medium
Enable the fips_mode SELinux Boolean
5
Rule
Severity: Low
Check Avahi Responses' TTL Field
5
Rule
Severity: Low
Serve Avahi Only via Required Protocol
5
Rule
Severity: Medium
Prevent Other Programs from Using Avahi's Port
5
Rule
Severity: Low
Restrict Information Published by Avahi
9
Rule
Severity: Medium
Uninstall avahi-autoipd Server Package
11
Rule
Severity: Medium
Uninstall avahi Server Package
5
Rule
Severity: Low
Install the psacct package
3
Rule
Severity: Low
Enable IRQ Balance (irqbalance)
5
Rule
Severity: Low
Enable Process Accounting (psacct)
5
Rule
Severity: Medium
Disable Advanced Configuration and Power Interface (acpid)
5
Rule
Severity: Low
Disable Certmonger Service (certmonger)
3
Rule
Severity: Low
Disable Control Group Config (cgconfig)
3
Rule
Severity: Low
Disable Control Group Rules Engine (cgred)
5
Rule
Severity: Low
Disable CPU Speed (cpupower)
15
Rule
Severity: Medium
Disable KDump Kernel Crash Analyzer (kdump)
5
Rule
Severity: Low
Disable Software RAID Monitor (mdmonitor)
3
Rule
Severity: Low
Disable D-Bus IPC Service (messagebus)
5
Rule
Severity: Low
Disable Network Console (netconsole)
13
Rule
Severity: Low
Disable ntpdate Service (ntpdate)
13
Rule
Severity: Medium
Disable Odd Job Daemon (oddjobd)
5
Rule
Severity: Low
Disable Portreserve (portreserve)
5
Rule
Severity: Low
Disable Quota Netlink (quota_nld)
7
Rule
Severity: Low
Disable Red Hat Network Service (rhnsd)
5
Rule
Severity: Low
Disable Red Hat Subscription Manager Daemon (rhsmcertd)
5
Rule
Severity: Low
Disable Cyrus SASL Authentication Daemon (saslauthd)
3
Rule
Severity: Low
Disable SMART Disk Monitoring Service (smartd)
5
Rule
Severity: Low
Disable System Statistics Reset Service (sysstat)
6
Rule
Severity: Unknown
Disable anacron Service
5
Rule
Severity: Unknown
Configure Logging
5
Rule
Severity: Unknown
Deny BOOTP Queries
5
Rule
Severity: Unknown
Deny Decline Messages
5
Rule
Severity: Unknown
Do Not Use Dynamic DNS
5
Rule
Severity: Unknown
Disable DHCP Client in ifcfg
15
Rule
Severity: Medium
Uninstall DHCP Server Package
5
Rule
Severity: Medium
Authenticate Zone Transfers
16
Rule
Severity: High
Uninstall vsftpd Package
6
Rule
Severity: Medium
Restrict Access to Anonymous Users if Possible
6
Rule
Severity: Low
Install vsftpd Package
13
Rule
Severity: Unknown
Uninstall httpd Package
5
Rule
Severity: Medium
Set Permissions on the /var/log/httpd/ Directory
7
Rule
Severity: Unknown
Set Permissions on All Configuration Files Inside /etc/httpd/conf.d/
7
Rule
Severity: Unknown
Set Permissions on All Configuration Files Inside /etc/httpd/conf/
7
Rule
Severity: Unknown
Set Permissions on All Configuration Files Inside /etc/httpd/conf.modules.d/
5
Rule
Severity: Unknown
Set httpd ServerSignature Directive to Off
5
Rule
Severity: Unknown
Set httpd ServerTokens Directive to Prod
8
Rule
Severity: Medium
Enable the LDAP Client For Use in Authconfig
8
Rule
Severity: Medium
Configure LDAP Client to Use TLS For All Transactions
5
Rule
Severity: Medium
Configure Certificate Directives for LDAP Use of TLS
14
Rule
Severity: Low
Uninstall openldap-servers Package
14
Rule
Severity: Medium
Uninstall Sendmail Package
16
Rule
Severity: Medium
Disable Postfix Network Listening
10
Rule
Severity: Medium
Mount Remote Filesystems with Kerberos Security
11
Rule
Severity: Medium
Mount Remote Filesystems with nodev
13
Rule
Severity: Medium
Mount Remote Filesystems with noexec
6
Rule
Severity: Unknown
Restrict NFS Clients to Privileged Ports
12
Rule
Severity: Medium
Use Kerberos Security on All Exports
30
Rule
Severity: Medium
Enable the NTP Daemon
16
Rule
Severity: High
Enable the NTP Daemon
16
Rule
Severity: Medium
Configure Time Service Maxpoll Interval
12
Rule
Severity: Medium
Specify Additional Remote NTP Servers
27
Rule
Severity: Medium
Specify a Remote NTP Server
14
Rule
Severity: Unknown
Specify Additional Remote NTP Servers
4
Rule
Severity: Medium
Install tcp_wrappers Package
17
Rule
Severity: Low
Uninstall xinetd Package
13
Rule
Severity: Medium
Disable xinetd Service
14
Rule
Severity: High
Uninstall ypserv Package
8
Rule
Severity: Medium
Disable ypbind Service
16
Rule
Severity: High
Uninstall rsh-server Package
9
Rule
Severity: High
Disable rexec Service
12
Rule
Severity: High
Disable rlogin Service
8
Rule
Severity: High
Disable rsh Service
15
Rule
Severity: High
Uninstall telnet-server Package
12
Rule
Severity: High
Disable telnet Service
15
Rule
Severity: High
Uninstall tftp-server Package
6
Rule
Severity: High
Disable tftp Service
12
Rule
Severity: Unknown
Uninstall CUPS Package
5
Rule
Severity: Unknown
Disable Printer Browsing Entirely if Possible
5
Rule
Severity: Unknown
Disable Print Server Capabilities
10
Rule
Severity: Low
Uninstall quagga Package
9
Rule
Severity: Medium
Disable Quagga Service
14
Rule
Severity: Medium
Enable the OpenSSH Service
11
Rule
Severity: Medium
Use Only FIPS 140-2 Validated Ciphers
11
Rule
Severity: Medium
Use Only FIPS 140-2 Validated MACs
7
Rule
Severity: Medium
Install the SSSD Package
8
Rule
Severity: Medium
Enable the SSSD Service
8
Rule
Severity: Medium
Configure PAM in SSSD Services
11
Rule
Severity: Medium
Configure SSSD's Memory Cache to Expire
17
Rule
Severity: Medium
Configure SSSD to Expire Offline Credentials
9
Rule
Severity: Medium
Configure SSSD to Expire SSH Known Hosts
7
Rule
Severity: Medium
Configure SSSD LDAP Backend Client CA Certificate
7
Rule
Severity: Medium
Configure SSSD LDAP Backend Client CA Certificate Location
7
Rule
Severity: Medium
Configure SSSD LDAP Backend Client to Demand a Valid Certificate from the Server
7
Rule
Severity: High
Configure SSSD LDAP Backend to Use TLS For All Transactions
18
Rule
Severity: Medium
Remove the X Windows Package Group
14
Rule
Severity: Medium
Disable X Windows Startup By Setting Default Target
9
Rule
Severity: High
Enable Dracut FIPS Module
9
Rule
Severity: High
Enable FIPS Mode
9
Rule
Severity: High
Set kernel parameter 'crypto.fips_enabled' to 1
9
Rule
Severity: Medium
Configure dnf-automatic to Install Available Updates Automatically
9
Rule
Severity: Low
Configure dnf-automatic to Install Only Security Updates
9
Rule
Severity: Medium
Enable dnf-automatic Timer
12
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words
7
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Enforce for root User
10
Rule
Severity: Medium
Configure Logind to terminate idle sessions after certain time of inactivity
9
Rule
Severity: Medium
Install the tmux Package
8
Rule
Severity: Medium
Configure the tmux Lock Command
3
Rule
Severity: Low
Ensure dnf Removes Previous Package Versions
5
Rule
Severity: High
Ensure gpgcheck Enabled In Main dnf Configuration
4
Rule
Severity: High
Ensure gpgcheck Enabled for All dnf Package Repositories
6
Rule
Severity: Medium
System Audit Directories Must Be Group Owned By Root
6
Rule
Severity: Medium
System Audit Directories Must Be Owned By Root
11
Rule
Severity: Medium
System Audit Logs Must Be Group Owned By Root
2
Rule
Severity: Medium
Install iptables-services Package
6
Rule
Severity: Medium
Disable Kernel cfg80211 Module
6
Rule
Severity: Medium
Disable Kernel iwlmvm Module
6
Rule
Severity: Medium
Disable Kernel iwlwifi Module
6
Rule
Severity: Medium
Disable Kernel mac80211 Module
4
Rule
Severity: Medium
Enable Kernel Parameter to Enforce DAC on FIFOs
4
Rule
Severity: Medium
Enable Kernel Parameter to Enforce DAC on Regular files
8
Rule
Severity: Medium
Disable the use of user namespaces
8
Rule
Severity: Medium
Install fapolicyd Package
7
Rule
Severity: Medium
Enable the File Access Policy Service
10
Rule
Severity: Unknown
Uninstall nginx Package
1
Rule
Severity: High
Ensure Fedora GPG Key Installed
1
Rule
Severity: Medium
Record Access Events to Kubernetes Audit Log Directory
1
Rule
Severity: Medium
Record Access Events to OAuth Audit Log Directory
1
Rule
Severity: Medium
Record Access Events to OpenShift Audit Log Directory
1
Rule
Severity: Medium
The Kubernetes Audit Logs Directory Must Have Mode 0700
1
Rule
Severity: Medium
The OAuth Audit Logs Directory Must Have Mode 0700
1
Rule
Severity: Medium
The OpenShift Audit Logs Directory Must Have Mode 0700
1
Rule
Severity: Medium
Kubernetes Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
OAuth Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
OpenShift Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
Kubernetes Audit Logs Must Have Mode 0600
1
Rule
Severity: Medium
OAuth Audit Logs Must Have Mode 0600
1
Rule
Severity: Medium
OpenShift Audit Logs Must Have Mode 0600
3
Rule
Severity: High
Ensure Oracle Linux GPG Key Installed
1
Rule
Severity: Medium
Extend Audit Backlog Limit for the Audit Daemon
1
Rule
Severity: Medium
Enable Auditing for Processes Which Start Prior to the Audit Daemon
3
Rule
Severity: Medium
Install the OpenSSH Client and Server Package
1
Rule
Severity: Medium
Install iptables-nft Package
1
Rule
Severity: Medium
Disable Kernel Support for USB via Bootloader Configuration
2
Rule
Severity: Low
Ensure zypper Removes Previous Package Versions
2
Rule
Severity: High
Ensure gpgcheck Enabled In Main zypper Configuration
2
Rule
Severity: High
Ensure gpgcheck Enabled for All zypper Package Repositories
2
Rule
Severity: High
Ensure SUSE GPG Key Installed
2
Rule
Severity: Medium
Configure the root Account lock for Failed Password Attempts via pam_tally2
2
Rule
Severity: Medium
Set Lockout Time for Failed Password Attempts using pam_tally2
1
Rule
Severity: Medium
Ensure the libaudit1 package as a part of audit Subsystem is Installed
1
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - unix2_chkpwd
6
Rule
Severity: High
Enable systemd_timesyncd Service
2
Rule
Severity: Low
Ensure apt_get Removes Previous Package Versions
3
Rule
Severity: Medium
Install the pam_apparmor Package
5
Rule
Severity: Medium
Ensure AppArmor is Active and Configured
2
Rule
Severity: Medium
Install strongswan Package
2
Rule
Severity: Medium
Uninstall DHCP Client Package
2
Rule
Severity: Medium
Chrony Configure Pool and Server
2
Rule
Severity: Low
Uninstall tcpd Package
2
Rule
Severity: Medium
Verify /boot/grub/grub.cfg User Ownership
2
Rule
Severity: Medium
Verify /boot/grub/grub.cfg Permissions
2
Rule
Severity: High
Install the systemd_timesyncd Service
8
Rule
Severity: Low
Uninstall 389-ds-base Package
1
Rule
Severity: Medium
Configure Systemd Timer Execution of AIDE
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules