Red Hat Enterprise Linux 9 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
SRG-OS-000250-GPOS-00093
Group
SRG-OS-000250-GPOS-00093
Group
SRG-OS-000250-GPOS-00093
Group
The RHEL 9 SSH server must be configured to use only DOD-approved encryption ciphers employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH server connections.
Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Remote access (e.g., RDP) is access to DOD nonpublic information systems by an auth...
Rule Medium Severity
SRG-OS-000250-GPOS-00093
Group
The RHEL 9 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH server connections.
Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Remote access (e.g., RDP) is access to DOD nonpublic information systems by an auth...
Rule Medium Severity
SRG-OS-000480-GPOS-00229
Group
RHEL 9 must not allow a noncertificate trusted host SSH logon to the system.
SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts.
Rule Medium Severity
SRG-OS-000480-GPOS-00229
Group
RHEL 9 must not allow users to override SSH environment variables.
SSH environment options potentially allow users to bypass access restriction in some configurations.
Rule Medium Severity
SRG-OS-000423-GPOS-00187
Group
SRG-OS-000163-GPOS-00072
Group
RHEL 9 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.
Terminating an unresponsive SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or con...
Rule Medium Severity
SRG-OS-000126-GPOS-00066
Group
RHEL 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
Terminating an unresponsive SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or con...
Rule Medium Severity
SRG-OS-000480-GPOS-00227
Group
RHEL 9 SSH server configuration file must be group-owned by root.
Service configuration files enable or disable features of their respective services, which if configured incorrectly, can lead to insecure and vulnerable configurations. Therefore, service configur...
Rule Medium Severity
SRG-OS-000480-GPOS-00227
Group
SRG-OS-000480-GPOS-00227
Group
RHEL 9 SSH server configuration file must have mode 0600 or less permissive.
Service configuration files enable or disable features of their respective services that if configured incorrectly can lead to insecure and vulnerable configurations. Therefore, service configurati...
Rule Medium Severity