Guide to the Secure Configuration of Red Hat Enterprise Linux 10
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Group Name Used by pam_wheel Group Parameter
pam_wheel module has a parameter called group, which controls which groups can access the su command. This variable holds the valid value for the p...Value -
Verify Only Root Has UID 0
If any account other than root has a UID of 0, this misconfiguration should be investigated and the accounts other than root should be removed or h...Rule High Severity -
Verify Root Has A Primary GID 0
Therootuser should have a primary group of 0.Rule High Severity -
Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty
Ensure that the group <code><xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_pam_wheel_group_for_su" use="legacy"></xccdf-1.2:sub></cod...Rule Medium Severity -
Ensure Authentication Required for Single User Mode
Single user mode is used for recovery when the system detects an issue during boot or by manual selection from the bootloader.Rule Medium Severity -
Direct root Logins Not Allowed
To further limit access to the <code>root</code> account, administrators can disable root logins at the console by editing the <code>/etc/securetty...Rule Medium Severity -
Ensure that System Accounts Are Locked
Some accounts are not associated with a human user of the system, and exist to perform some administrative functions. An attacker should not be abl...Rule Medium Severity -
Ensure that System Accounts Do Not Run a Shell Upon Login
Some accounts are not associated with a human user of the system, and exist to perform some administrative functions. Should an attacker be able to...Rule Medium Severity -
Enforce Usage of pam_wheel with Group Parameter for su Authentication
To ensure that only users who are members of the group set in the <code>group</code> option of <code>pam_wheel.so</code> module can run commands wi...Rule Medium Severity -
Secure Session Configuration Files for Login Accounts
When a user logs into a Unix account, the system configures the user's session by reading a number of files. Many of these files are located in the...Group -
Maximum login attempts delay
Maximum time in seconds between fail login attempts before re-prompting.Value -
Maximum concurrent login sessions
Maximum number of concurrent sessions by a userValue -
Account Inactivity Timeout (seconds)
In an interactive shell, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates afte...Value -
Interactive users initialization files
'A regular expression describing a list of file names for files that are sourced at login time for interactive users'Value -
Ensure Home Directories are Created for New Users
All local interactive user accounts, upon creation, should be assigned a home directory. <br> <br> Configure the operating system t...Rule Medium Severity -
Ensure the Logon Failure Delay is Set Correctly in login.defs
To ensure the logon failure delay controlled by <code>/etc/login.defs</code> is set properly, add or correct the <code>FAIL_DELAY</code> setting in...Rule Medium Severity -
Limit the Number of Concurrent Login Sessions Allowed Per User
Limiting the number of allowed users and sessions per user can limit risks related to Denial of Service attacks. This addresses concurrent sessions...Rule Low Severity -
Configure Polyinstantiation of /tmp Directories
To configure polyinstantiated /tmp directories, first create the parent directories which will hold the polyinstantiation child directories. Use th...Rule Low Severity -
Configure Polyinstantiation of /var/tmp Directories
To configure polyinstantiated /tmp directories, first create the parent directories which will hold the polyinstantiation child directories. Use th...Rule Low Severity -
Set Interactive Session Timeout
Setting the <code>TMOUT</code> option in <code>/etc/profile</code> ensures that all user sessions will terminate based on inactivity. The value of ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.