Guide to the Secure Configuration of Red Hat Enterprise Linux 10
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Verify that Shared Library Directories Have Restrictive Permissions
System-wide shared library directories, which contain are linked to executables during process load time or run time, are stored in the following d...Rule Medium Severity -
Verify Group Who Owns /etc/sysctl.d Directory
To properly set the group owner of/etc/sysctl.d, run the command:$ sudo chgrp root /etc/sysctl.d
Rule Medium Severity -
Verify User Who Owns /etc/sysctl.d Directory
To properly set the owner of/etc/sysctl.d, run the command:$ sudo chown root /etc/sysctl.d
Rule Medium Severity -
Verify Permissions On /etc/sysctl.d Directory
To properly set the permissions of/etc/sysctl.d, run the command:$ sudo chmod 0755 /etc/sysctl.d
Rule Medium Severity -
Verify that audit tools are owned by group root
The Red Hat Enterprise Linux 10 operating system audit tools must have the proper ownership configured to protected against unauthorized access. V...Rule Medium Severity -
Ensure the Default C Shell Umask is Set Correctly
To ensure the default umask for users of the C shell is set properly, add or correct the <code>umask</code> setting in <code>/etc/csh.cshrc</code> ...Rule Medium Severity -
Ensure the Default Umask is Set Correctly in login.defs
To ensure the default umask controlled by <code>/etc/login.defs</code> is set properly, add or correct the <code>UMASK</code> setting in <code>/etc...Rule Medium Severity -
Ensure the Default Umask is Set Correctly in /etc/profile
To ensure the default umask controlled by <code>/etc/profile</code> is set properly, add or correct the <code>umask</code> setting in <code>/etc/pr...Rule Medium Severity -
Ensure the Default Umask is Set Correctly For Interactive Users
Remove theUMASKenvironment variable from all interactive users initialization files.Rule Medium Severity -
GRUB2 bootloader configuration
During the boot process, the boot loader is responsible for starting the execution of the kernel and passing options to it. The boot loader allows ...Group -
L1TF vulnerability mitigation
Defines the L1TF vulneratility mitigations to employ.Value -
MDS vulnerability mitigation
Defines the MDS vulneratility mitigation to employ.Value -
Confidence level on Hardware Random Number Generator
Defines the level of trust on the hardware random number generators available in the system and the percentage of entropy to credit.Value -
Spec Store Bypass Mitigation
This controls how the Speculative Store Bypass (SSB) vulnerability is mitigated.Value -
IOMMU configuration directive
On x86 architecture supporting VT-d, the IOMMU manages the access control policy between the hardware devices and some of the system critical u...Rule Unknown Severity -
Configure L1 Terminal Fault mitigations
L1 Terminal Fault (L1TF) is a hardware vulnerability which allows unprivileged speculative access to data which is available in the Level 1 Data Ca...Rule High Severity -
Force kernel panic on uncorrected MCEs
A Machine Check Exception is an error generated by the CPU itdetects an error in itself, memory or I/O devices. These errors may be corrected and g...Rule Medium Severity -
Configure Microarchitectural Data Sampling mitigation
Microarchitectural Data Sampling (MDS) is a hardware vulnerability which allows unprivileged speculative access to data which is available in vario...Rule Medium Severity -
Ensure SMAP is not disabled during boot
The SMAP is used to prevent the supervisor mode from unintentionally reading/writing into memory pages in the user space, it is enabled by default ...Rule Medium Severity -
Set Boot Loader Password in grub2
The grub2 boot loader should have a superuser account and password protection enabled to protect boot-time settings. <br> <br> Since plaint...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.