Guide to the Secure Configuration of Red Hat Enterprise Linux CoreOS 4
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Login timeout for idle sessions
Specify duration of allowed idle time.Value -
Verify that Interactive Boot is Disabled
Red Hat Enterprise Linux CoreOS 4 systems support an "interactive boot" option that can be used to prevent services from being started. On a Red Hat Enterprise Linux CoreOS 4 system, interactive bo...Rule Medium Severity -
Ensure there are no legacy + NIS entries in /etc/group
The+character in/etc/groupfile marks a place where entries from a network information service (NIS) should be directly inserted.Rule Medium Severity -
Disable Ctrl-Alt-Del Reboot Activation
By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code> key sequence is pressed. <br> <br> To configure the system to ignore the <code>Ctrl-Alt-Del</code> k...Rule High Severity -
Verify that Interactive Boot is Disabled
Red Hat Enterprise Linux CoreOS 4 systems support an "interactive boot" option that can be used to prevent services from being started. On a Red Hat Enterprise Linux CoreOS 4 system, interactive bo...Rule Medium Severity -
Require Authentication for Single User Mode
Single-user mode is intended as a system recovery method, providing a single user root access to the system by providing a boot option at startup. <br> <br> By default, single-user mode is ...Rule Medium Severity -
Configure Screen Locking
When a user must temporarily leave an account logged-in, screen locking should be employed to prevent passersby from abusing the account. User education and training is particularly important for s...Group -
Configure Console Screen Locking
A console screen locking mechanism is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of th...Group -
Support session locking with tmux
Thetmuxterminal multiplexer is used to implement automatic session locking. It should be started from/etc/bashrcor drop-in files within/etc/profile.d/.Rule Medium Severity -
Configure tmux to lock session after inactivity
To enable console screen locking in <code>tmux</code> terminal multiplexer after a period of inactivity, the <code>lock-after-time</code> option has to be set to a value greater than 0 and less tha...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules