Guide to the Secure Configuration of Fedora
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Uninstall abrt-cli Package
Theabrt-clipackage can be removed with the following command:$ sudo dnf erase abrt-cli
Rule Low Severity -
Uninstall abrt-plugin-logger Package
Theabrt-plugin-loggerpackage can be removed with the following command:$ sudo dnf erase abrt-plugin-logger
Rule Low Severity -
Uninstall abrt-plugin-rhtsupport Package
Theabrt-plugin-rhtsupportpackage can be removed with the following command:$ sudo dnf erase abrt-plugin-rhtsupport
Rule Low Severity -
Uninstall abrt-plugin-sosreport Package
Theabrt-plugin-sosreportpackage can be removed with the following command:$ sudo dnf erase abrt-plugin-sosreport
Rule Low Severity -
Uninstall geolite2-city Package
Thegeolite2-citypackage can be removed with the following command:$ sudo dnf erase geolite2-city
Rule Low Severity -
Uninstall geolite2-country Package
Thegeolite2-countrypackage can be removed with the following command:$ sudo dnf erase geolite2-country
Rule Low Severity -
Uninstall iprutils Package
Theiprutilspackage can be removed with the following command:$ sudo dnf erase iprutils
Rule Medium Severity -
Uninstall krb5-workstation Package
Thekrb5-workstationpackage can be removed with the following command:$ sudo dnf erase krb5-workstation
Rule Medium Severity -
Uninstall libreport-plugin-logger Package
Thelibreport-plugin-loggerpackage can be removed with the following command:$ sudo dnf erase libreport-plugin-logger
Rule Low Severity -
Uninstall libreport-plugin-rhtsupport Package
The <code>libreport-plugin-rhtsupport</code> package can be removed with the following command: <pre> $ sudo dnf erase libreport-plugin-rhtsupport<...Rule Low Severity -
Uninstall python3-abrt-addon Package
Thepython3-abrt-addonpackage can be removed with the following command:$ sudo dnf erase python3-abrt-addon
Rule Low Severity -
Uninstall tuned Package
Thetunedpackage can be removed with the following command:$ sudo dnf erase tuned
Rule Medium Severity -
Updating Software
The <code>dnf</code> command line tool is used to install and update software packages. The system also provides a graphical software update tool i...Group -
Install dnf-automatic Package
Thednf-automaticpackage can be installed with the following command:$ sudo dnf install dnf-automatic
Rule Medium Severity -
Install GNOME Software
Thegnome-softwarepackage can be installed with the following command:$ sudo dnf install gnome-software
Rule Medium Severity -
Ensure dnf Removes Previous Package Versions
<code>dnf</code> should be configured to remove previous software components after new versions have been installed. To configure <code>dnf</code> ...Rule Low Severity -
Configure dnf-automatic to Install Available Updates Automatically
To ensure that the packages comprising the available updates will be automatically installed by <code>dnf-automatic</code>, set <code>apply_updates...Rule Medium Severity -
Configure dnf-automatic to Install Only Security Updates
To configure <code>dnf-automatic</code> to install only security updates automatically, set <code>upgrade_type</code> to <code>security</code> unde...Rule Low Severity -
Ensure Fedora GPG Key Installed
To ensure the system can cryptographically verify base software packages come from Fedora (and to connect to the Fedora Network to receive them), t...Rule High Severity -
Ensure gpgcheck Enabled In Main dnf Configuration
The <code>gpgcheck</code> option controls whether RPM packages' signatures are always checked prior to installation. To configure dnf to check pack...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.