Guide to the Secure Configuration of Red Hat Enterprise Linux 10
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Implement Blank Screensaver
To set the screensaver mode in the GNOME3 desktop to a blank screen, add or set <code>picture-uri</code> to <code>string ''</code> in <code>/etc...Rule Medium Severity -
Ensure Users Cannot Change GNOME3 Screensaver Settings
If not already configured, ensure that users cannot change GNOME3 screensaver lock settings by adding <code>/org/gnome/desktop/screensaver/lock-del...Rule Medium Severity -
Ensure Users Cannot Change GNOME3 Session Idle Settings
If not already configured, ensure that users cannot change GNOME3 session idle settings by adding <code>/org/gnome/desktop/session/idle-delay</code...Rule Medium Severity -
GNOME System Settings
GNOME provides configuration and functionality to a graphical desktop environment that changes grahical configurations or allow a user to perform a...Group -
Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3
By default, <code>GNOME</code> will reboot the system if the <code>Ctrl-Alt-Del</code> key sequence is pressed. <br> <br> To conf...Rule High Severity -
Sudo
<code>Sudo</code>, which stands for "su 'do'", provides the ability to delegate authority to certain users, groups of users, or system administrato...Group -
Group name dedicated to the use of sudo
Specify the name of the group that should own /usr/bin/sudo.Value -
Sudo - logfile value
Specify the sudo logfile to use. The default value used here matches the example location from CIS, which uses /var/log/sudo.log.Value -
Sudo - timestamp_timeout value
Defines the number of minutes that can elapse before <code>sudo</code> will ask for a passwd again. If set to a value less than 0 the user's time s...Value -
Sudo - umask value
Specify the sudo umask to use. The actual umask value that is used is the union of the user's umask and the sudo umask. The default sudo umask is 0...Value -
Configure dnf-automatic to Install Only Security Updates
To configure <code>dnf-automatic</code> to install only security updates automatically, set <code>upgrade_type</code> to <code>security</code> unde...Rule Low Severity -
Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD
The sudo <code>NOPASSWD</code> tag, when specified, allows a user to execute commands using sudo without having to authenticate. This should be dis...Rule Medium Severity -
Ensure Users Re-Authenticate for Privilege Escalation - sudo
The sudo <code>NOPASSWD</code> and <code>!authenticate</code> option, when specified, allows a user to execute commands using sudo without having t...Rule Medium Severity -
Require Re-Authentication When Using the sudo Command
The sudo <code>timestamp_timeout</code> tag sets the amount of time sudo password prompt waits. The default <code>timestamp_timeout</code> value is...Rule Medium Severity -
The operating system must restrict privilege elevation to authorized personnel
The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their password and confirms yo...Rule Medium Severity -
Explicit arguments in sudo specifications
All commands in the sudoers file must strictly specify the arguments allowed to be used for a given user. If the command is supposed to be executed...Rule Medium Severity -
Don't define allowed commands in sudoers by means of exclusion
Policies applied by sudo through the sudoers file should not involve negation. Each user specification in the <code>sudoers</code> file contains a...Rule Medium Severity -
Don't target root user in the sudoers file
The targeted users of a user specification should be, as much as possible, non privileged users (i.e.: non-root). User specifications have to expl...Rule Medium Severity -
Ensure invoking users password for privilege escalation when using sudo
The sudoers security policy requires that users authenticate themselves before they can use sudo. When sudoers requires authentication, it validate...Rule Medium Severity -
Install cryptsetup Package
Thecryptsetuppackage can be installed with the following command:$ sudo dnf install cryptsetup
Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.