
Red Hat Enterprise Linux 9 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000312-GPOS-00123

    Group
  • RHEL 9 must enable kernel parameters to enforce discretionary access control on hardlinks.

    By enabling the fs.protected_hardlinks kernel parameter, users can no longer create soft or hard links to files they do not own. Disallowing such hardlinks mitigates vulnerabilities based on insecu...
    Rule Medium Severity
  • SRG-OS-000312-GPOS-00123

    Group
  • SRG-OS-000480-GPOS-00227

    Group
  • RHEL 9 must disable the kernel.core_pattern.

    A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers tryin...
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • RHEL 9 must be configured to disable the Asynchronous Transfer Mode kernel module.

    Disabling Asynchronous Transfer Mode (ATM) protects the system against exploitation of any flaws in its implementation.
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • RHEL 9 must be configured to disable the Controller Area Network kernel module.

    Disabling Controller Area Network (CAN) protects the system against exploitation of any flaws in its implementation.
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • RHEL 9 must be configured to disable the FireWire kernel module.

    Disabling FireWire protects the system against exploitation of any flaws in its implementation.
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • SRG-OS-000095-GPOS-00049

    Group
  • RHEL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.

    It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooke...
    Rule Medium Severity
  • SRG-OS-000433-GPOS-00193

    Group
  • SRG-OS-000132-GPOS-00067

    Group
  • RHEL 9 must disable access to network bpf system call from nonprivileged processes.

    Loading and accessing packet filter programs and maps using the bpf() system call has the potential of revealing sensitive information about the kernel state. Satisfies: SRG-OS-000132-GPOS-00...
    Rule Medium Severity
  • SRG-OS-000132-GPOS-00067

    Group
  • RHEL 9 must restrict usage of ptrace to descendant processes.

    Unrestricted usage of ptrace allows compromised binaries to run ptrace on other processes of the user. In this way, the attacker can steal sensitive information from the target processes (e.g., SSH s...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    Group
