Guide to the Secure Configuration of Red Hat Enterprise Linux 10
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Disable DNS Server
DNS software should be disabled on any systems which does not need to be a nameserver. Note that the BIND DNS server software is not installed on R...Group -
Uninstall bind Package
The <code>named</code> service is provided by the <code>bind</code> package. The <code>bind</code> package can be removed with the following comman...Rule Low Severity -
Application Whitelisting Daemon
Fapolicyd (File Access Policy Daemon) implements application whitelisting to decide file access rights. Applications that are known via a reputatio...Group -
Restrict at and cron to Authorized Users if Necessary
The <code>/etc/cron.allow</code> and <code>/etc/at.allow</code> files contain lists of users who are allowed to use <code>cron</code> and at to del...Group -
Ensure that /etc/at.deny does not exist
The file/etc/at.denyshould not exist. Use/etc/at.allowinstead.Rule Medium Severity -
Ensure that /etc/cron.allow exists
The file/etc/cron.allowshould exist and should be used instead of/etc/cron.deny.Rule Medium Severity -
Ensure that /etc/cron.deny does not exist
The file/etc/cron.denyshould not exist. Use/etc/cron.allowinstead.Rule Medium Severity -
Verify Group Who Owns /etc/at.allow file
If <code>/etc/at.allow</code> exists, it must be group-owned by <code>root</code>. To properly set the group owner of <code>/etc/at.allow</code>, ...Rule Medium Severity -
Verify Group Who Owns /etc/cron.allow file
If <code>/etc/cron.allow</code> exists, it must be group-owned by <code>root</code>. To properly set the group owner of <code>/etc/cron.allow</cod...Rule Medium Severity -
Verify User Who Owns /etc/at.allow file
If <code>/etc/at.allow</code> exists, it must be owned by <code>root</code>. To properly set the owner of <code>/etc/at.allow</code>, run the comm...Rule Medium Severity -
Verify User Who Owns /etc/cron.allow file
If <code>/etc/cron.allow</code> exists, it must be owned by <code>root</code>. To properly set the owner of <code>/etc/cron.allow</code>, run the ...Rule Medium Severity -
Verify Permissions on /etc/at.allow file
If <code>/etc/at.allow</code> exists, it must have permissions <code>0600</code> or more restrictive. To properly set the permissions of <code>/e...Rule Medium Severity -
Verify Permissions on /etc/cron.allow file
If <code>/etc/cron.allow</code> exists, it must have permissions <code>0600</code> or more restrictive. To properly set the permissions of <code>...Rule Medium Severity -
DHCP
The Dynamic Host Configuration Protocol (DHCP) allows systems to request and obtain an IP address and other configuration parameters from a server....Group -
Disable DHCP Server
The DHCP server <code>dhcpd</code> is not installed or activated by default. If the software was installed and activated, but the system does not n...Group -
Ensure LDAP client is not installed
The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from a central database. The <code>...Rule Low Severity -
Remove ftp Package
FTP (File Transfer Protocol) is a traditional and widely used standard tool for transferring files between a server and clients over a network, esp...Rule Low Severity -
Disable vsftpd if Possible
To minimize attack surface, disable vsftpd if at all possible.Group -
Uninstall vsftpd Package
Thevsftpdpackage can be removed with the following command:$ sudo dnf remove vsftpd
Rule High Severity -
Web Server
The web server is responsible for providing access to content via the HTTP protocol. Web servers represent a significant security risk because: <br...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.