Capacity
CM-6(b)
29
Rule
Severity: High
Ensure There Are No Accounts With Blank or Null Passwords
21
Rule
Severity: Medium
Ensure that System Accounts Do Not Run a Shell Upon Login
13
Rule
Severity: Medium
The operating system must restrict privilege elevation to authorized personnel
13
Rule
Severity: Medium
Ensure invoking users password for privilege escalation when using sudo
20
Rule
Severity: Medium
Disable Accepting ICMP Redirects for All IPv6 Interfaces
19
Rule
Severity: Medium
Disable Kernel Parameter for IPv6 Forwarding
22
Rule
Severity: Medium
Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default
29
Rule
Severity: Medium
Disable X11 Forwarding
9
Rule
Severity: Medium
Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces
12
Rule
Severity: Medium
Add grpquota Option to /home
14
Rule
Severity: Medium
Add noexec Option to /home
12
Rule
Severity: Medium
Add usrquota Option to /home
11
Rule
Severity: Medium
Ensure tftp Daemon Uses Secure Mode
11
Rule
Severity: Medium
Enable SSH Server firewalld Firewall Exception
13
Rule
Severity: Medium
Prevent remote hosts from connecting to the proxy display
13
Rule
Severity: Medium
Disable graphical user interface
5
Rule
Severity: Medium
Add nosuid Option to /boot/efi
1
Rule
Severity: Medium
Make sure the Container Security Operator is installed
1
Rule
Severity: Medium
System Must Avoid Meltdown and Spectre Exploit Vulnerabilities in Modern Processors
2
Rule
Severity: High
Disable GDM Unattended or Automatic Login
1
Rule
Severity: Medium
The PAM configuration should not be changed automatically
1
Rule
Severity: Medium
Enforce Delay After Failed Logon Attempts
1
Rule
Severity: Medium
Set Password Retry Limit
1
Rule
Severity: Medium
Only Authorized Local User Accounts Exist on Operating System
2
Rule
Severity: High
Verify Only Root Has UID 0
1
Rule
Severity: Medium
Enable auditd Service
1
Rule
Severity: High
Disable Ctrl-Alt-Del Burst Action
1
Rule
Severity: Medium
All Interactive User Home Directories Must Be Group-Owned By The Primary Group
1
Rule
Severity: Medium
Remove Default Configuration to Disable Syscall Auditing
1
Rule
Severity: Medium
Ensure System is Not Acting as a Network Sniffer
2
Rule
Severity: Medium
Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces
2
Rule
Severity: Medium
Disable Kernel Parameter for IPv6 Forwarding by default
1
Rule
Severity: Medium
Ensure All World-Writable Directories Are Group Owned by a System Account
1
Rule
Severity: Medium
Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces
1
Rule
Severity: High
Disable SSH Access via Empty Passwords
1
Rule
Severity: Medium
Do Not Allow SSH Environment Options
2
Rule
Severity: Medium
NetworkManager DNS Mode Must Be Must Configured
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules