Guide to the Secure Configuration of Red Hat Enterprise Linux CoreOS 4
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Verify ip6tables Enabled if Using IPv6
The <code>ip6tables</code> service can be enabled with the following manifest: <pre> --- apiVersion: machineconfiguration.openshift.io/v1 kind: Ma...Rule Medium Severity -
Verify iptables Enabled
The <code>iptables</code> service can be enabled with the following manifest: <pre> --- apiVersion: machineconfiguration.openshift.io/v1 kind: Mac...Rule Medium Severity -
Set Default ip6tables Policy for Incoming Packets
To set the default policy to DROP (instead of ACCEPT) for the built-in INPUT chain which processes incoming packets, add or correct the following l...Rule Medium Severity -
Disable IPv6 Networking Support Automatic Loading
To prevent the IPv6 kernel module (<code>ipv6</code>) from binding to the IPv6 networking stack, add the following line to <code>/etc/modprobe.d/di...Rule Medium Severity -
Strengthen the Default Ruleset
The default rules can be strengthened. The system scripts that activate the firewall rules expect them to be defined in the configuration files <co...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules