Guide to the Secure Configuration of Red Hat Enterprise Linux 10
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Verify User Who Owns /etc/ipsec.secrets File
To properly set the owner of/etc/ipsec.secrets, run the command:$ sudo chown root /etc/ipsec.secrets
Rule Medium Severity -
Verify Permissions On /etc/ipsec.conf File
To properly set the permissions of/etc/ipsec.conf, run the command:$ sudo chmod 0644 /etc/ipsec.conf
Rule Medium Severity -
Verify Permissions On /etc/ipsec.secrets File
To properly set the permissions of/etc/ipsec.secrets, run the command:$ sudo chmod 0644 /etc/ipsec.secrets
Rule Medium Severity -
Verify Any Configured IPSec Tunnel Connections
Libreswan provides an implementation of IPsec and IKE, which permits the creation of secure tunnels over untrusted networks. As such, IPsec can be ...Rule Medium Severity -
net.ipv6.conf.default.accept_redirects
Toggle ICMP Redirect Acceptance By DefaultValue -
net.ipv6.conf.default.accept_source_route
Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirec...Value -
net.ipv6.conf.default.autoconf
Enable auto configuration on IPv6 interfacesValue -
net.ipv6.conf.default.max_addresses
Maximum number of autoconfigured IPv6 addressesValue -
net.ipv6.conf.default.router_solicitations
Accept all router solicitations by default?Value -
Install Smart Card Packages For Multifactor Authentication
Configure the operating system to implement multifactor authentication by installing the required package with the following command:Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules