Red Hat Enterprise Linux 9 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000324-GPOS-00125
Group -
The systemd Ctrl-Alt-Delete burst key sequence in RHEL 9 must be disabled.
A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the r...Rule High Severity -
SRG-OS-000324-GPOS-00125
Group -
SRG-OS-000324-GPOS-00125
Group -
RHEL 9 debug-shell systemd service must be disabled.
The debug-shell requires no authentication and provides root privileges to anyone who has physical access to the machine. While this feature is disabled by default, masking it adds an additional la...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
SRG-OS-000480-GPOS-00227
Group -
RHEL 9 must disable the ability of systemd to spawn an interactive boot process.
Using interactive or recovery boot, the console user could disable auditing, firewalls, or other services, weakening system security.Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
RHEL 9 must require a unique superusers name upon booting into single-user and maintenance modes.
Having a nondefault grub superuser username makes password-guessing attacks less effective.Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.