Guide to the Secure Configuration of Red Hat Enterprise Linux 10
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Protect Physical Console Access
It is impossible to fully protect a system from an attacker with physical access, so securing the space in which the system is located should be co...Group -
Login timeout for idle sessions
Specify duration of allowed idle time.Value -
Disable debug-shell SystemD Service
SystemD's <code>debug-shell</code> service is intended to diagnose SystemD related boot issues with various <code>systemctl</code> commands. Once e...Rule Medium Severity -
Disable Ctrl-Alt-Del Burst Action
By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code> key sequence is pressed Ctrl-Alt-Delete more than 7 times ...Rule High Severity -
Disable Ctrl-Alt-Del Reboot Activation
By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code> key sequence is pressed. <br> <br> To conf...Rule High Severity -
Verify that Interactive Boot is Disabled
Red Hat Enterprise Linux 10 systems support an "interactive boot" option that can be used to prevent services from being started. On a Red Hat Ente...Rule Medium Severity -
Configure Logind to terminate idle sessions after certain time of inactivity
To configure <code>logind</code> service to terminate inactive user sessions after <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_log...Rule Medium Severity -
Require Authentication for Emergency Systemd Target
Emergency mode is intended as a system recovery method, providing a single user root access to the system during a failed boot sequence. <br> ...Rule Medium Severity -
Require Authentication for Single User Mode
Single-user mode is intended as a system recovery method, providing a single user root access to the system by providing a boot option at startup. ...Rule Medium Severity -
Configure Screen Locking
When a user must temporarily leave an account logged-in, screen locking should be employed to prevent passersby from abusing the account. User educ...Group -
Configure Console Screen Locking
A console screen locking mechanism is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the in...Group -
Install the tmux Package
To enable console screen locking, install the <code>tmux</code> package. The <code>tmux</code> package can be installed with the following command:...Rule Medium Severity -
Configure the tmux Lock Command
To enable console screen locking in <code>tmux</code> terminal multiplexer, the <code>vlock</code> command must be configured to be used as a locki...Rule Medium Severity -
Configure the tmux lock session key binding
To set a key binding for the screen locking in <code>tmux</code> terminal multiplexer, the <code>session-lock</code> command must be bound to a key...Rule Low Severity -
Prevent user from disabling the screen lock
Thetmuxterminal multiplexer is used to implement automatic session locking. It should not be listed in/etc/shells.Rule Low Severity -
Hardware Tokens for Authentication
The use of hardware tokens such as smart cards for system login provides stronger, two-factor authentication than using a username and password. I...Group -
OpenSC Smart Card Drivers
Choose the Smart Card Driver in use by your organization. <br>For DoD, choose the <code>cac</code> driver. <br>If your driver is not listed and you...Value -
Install the opensc Package For Multifactor Authentication
Theopenscpackage can be installed with the following command:$ sudo dnf install opensc
Rule Medium Severity -
Install the pcsc-lite package
Thepcsc-litepackage can be installed with the following command:$ sudo dnf install pcsc-lite
Rule Medium Severity -
Install Smart Card Packages For Multifactor Authentication
Configure the operating system to implement multifactor authentication by installing the required package with the following command:Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.