Remove the GDM Package Group
Disable the GNOME3 Login Restart and Shutdown Buttons
Disable GDM Automatic Login
Disable GNOME3 Automounting
Disable GNOME3 Automount Opening
Disable GNOME3 Automount running
Disable All GNOME3 Thumbnailers
Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3
Verify ip6tables Enabled if Using IPv6
Set Default ip6tables Policy for Incoming Packets
Set Default iptables Policy for Incoming Packets
Set Default iptables Policy for Forwarded Packets
Disable IPv6 Networking Support Automatic Loading
Disable IPv6 Addressing on All IPv6 Interfaces
Disable IPv6 Addressing on IPv6 Interfaces by Default
Configure Accepting Router Advertisements on All IPv6 Interfaces
Disable Accepting ICMP Redirects for All IPv6 Interfaces
Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces
Disable Kernel Parameter for IPv6 Forwarding
Disable Accepting Router Advertisements on all IPv6 Interfaces by Default
Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces
Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default
Disable Accepting ICMP Redirects for All IPv4 Interfaces
Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces
Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces
Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces
Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces
Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces
Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default
Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default
Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default
Configure Kernel Parameter for Accepting Secure Redirects By Default
Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces
Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces
Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces
Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces
Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default
Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces
Deactivate Wireless Network Interfaces
Add nodev Option to /dev/shm
Add nosuid Option to /dev/shm
Disable Avahi Server Software
Disable Apache Qpid (qpidd)
Disable Network Router Discovery Daemon (rdisc)
Uninstall the inet-based telnet server
Uninstall the ssl compliant telnet server
Uninstall the telnet server
Minimize Served Information
Disable Network File System (nfs)
Disable Host-Based Authentication
Disable Compression Or Set Compression to delayed
Disable SSH Access via Empty Passwords
Disable GSSAPI Authentication
Disable Kerberos Authentication
Disable SSH Support for .rhosts Files
Disable SSH Support for Rhosts RSA Authentication
Disable SSH Support for User Known Hosts
Do Not Allow SSH Environment Options
Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server
Disable Client Dynamic DNS Updates
Disable Zeroconf Networking
Ensure System is Not Acting as a Network Sniffer
Configure the Firewalld Ports
Set Default firewalld Zone for Incoming Packets
Disable Support for RPC IPv6
Disable Bluetooth Service
Disable Bluetooth Kernel Module
Disable WiFi or Bluetooth in BIOS
Disable Booting from USB Devices in Boot Firmware
Disable Mounting of cramfs
Disable Mounting of freevxfs
Disable Mounting of hfsplus
Disable Mounting of jffs2
Disable Mounting of squashfs
Disable Modprobe Loading of USB Storage Driver
Disable Mounting of vFAT filesystems
Add nodev Option to /boot
Add nosuid Option to /boot
Add noexec Option to /dev/shm
Add nosuid Option to /home
Add nodev Option to Non-Root Local Partitions
Add nodev Option to Removable Media Partitions
Add noexec Option to Removable Media Partitions
Add nosuid Option to Removable Media Partitions
Add noexec Option to /tmp
Add nosuid Option to /tmp
Add nodev Option to /var/log/audit
Add noexec Option to /var/log/audit
Add nosuid Option to /var/log/audit
Add nodev Option to /var/log
Add noexec Option to /var/log
Add nosuid Option to /var/log
Bind Mount /var/tmp To /tmp
Ensure No Device Files are Unlabeled by SELinux
Ensure No Daemons are Unconfined by SELinux
Prevent Other Programs from Using Avahi's Port
Restrict Information Published by Avahi
Uninstall avahi-autoipd Server Package
Uninstall avahi Server Package
Enable IRQ Balance (irqbalance)
Disable Advanced Configuration and Power Interface (acpid)
Disable Certmonger Service (certmonger)
Disable Control Group Config (cgconfig)
Disable Control Group Rules Engine (cgred)
Disable CPU Speed (cpupower)
Disable KDump Kernel Crash Analyzer (kdump)
Disable Software RAID Monitor (mdmonitor)
Disable D-Bus IPC Service (messagebus)
Disable Network Console (netconsole)
Disable ntpdate Service (ntpdate)
Disable Odd Job Daemon (oddjobd)
Disable Portreserve (portreserve)
Disable Quota Netlink (quota_nld)
Disable Red Hat Network Service (rhnsd)
Disable Red Hat Subscription Manager Daemon (rhsmcertd)
Disable Cyrus SASL Authentication Daemon (saslauthd)
Disable SMART Disk Monitoring Service (smartd)
Disable System Statistics Reset Service (sysstat)
Uninstall DHCP Server Package
Authenticate Zone Transfers
Restrict Access to Anonymous Users if Possible
Set Permissions on the /var/log/httpd/ Directory
Set Permissions on All Configuration Files Inside /etc/httpd/conf.d/
Set Permissions on All Configuration Files Inside /etc/httpd/conf/
Set Permissions on All Configuration Files Inside /etc/httpd/conf.modules.d/
Set httpd ServerSignature Directive to Off
Set httpd ServerTokens Directive to Prod
Uninstall openldap-servers Package
Uninstall Sendmail Package
Disable Postfix Network Listening
Mount Remote Filesystems with Kerberos Security
Restrict NFS Clients to Privileged Ports
Use Kerberos Security on All Exports
Uninstall rsh-server Package
Uninstall telnet-server Package
Uninstall tftp-server Package
Disable Printer Browsing Entirely if Possible
Disable Print Server Capabilities
Enable SSH Server firewalld Firewall Exception
Configure SSSD LDAP Backend to Use TLS For All Transactions
Remove the X Windows Package Group
Disable X Windows Startup By Setting Default Target
Disable Kernel cfg80211 Module
Disable Kernel iwlmvm Module
Disable Kernel iwlwifi Module
Disable Kernel mac80211 Module
Uninstall DHCP Client Package
Install firewalld Package
Uninstall 389-ds-base Package