Red Hat Enterprise Linux 8 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The RHEL 8 fapolicy module must be enabled.
The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizatio...Rule Medium Severity -
The RHEL 8 fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.
The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizatio...Rule Medium Severity -
RHEL 8 must enable the USBGuard.
Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Peripherals include, but are not limited to, such devices as flash drive...Rule Medium Severity -
All RHEL 8 networked systems must have SSH installed.
Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. This requirem...Rule Medium Severity -
RHEL 8 must ignore IPv4 Internet Control Message Protocol (ICMP) redirect messages.
ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An ill...Rule Medium Severity -
RHEL 8 must not enable IPv4 packet forwarding unless the system is a router.
Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unn...Rule Medium Severity -
RHEL 8 library directories must have mode 755 or less permissive.
If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust ch...Rule Medium Severity -
The RHEL 8 operating system must use a file integrity tool to verify correct operation of all security functions.
Without verification of the security functions, security functions may not operate correctly, and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmwa...Rule Medium Severity -
RHEL 8 must specify the default "include" directory for the /etc/sudoers file.
The "sudo" command allows authorized users to run programs (including shells) as other users, system users, and root. The "/etc/sudoers" file is used to configure authorized "sudo" users as well as...Rule Medium Severity -
RHEL 8 systems below version 8.4 must ensure the password complexity module in the system-auth file is configured for three retries or less.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.