Guide to the Secure Configuration of Red Hat Enterprise Linux CoreOS 4
Rules, Groups, and Values defined within the XCCDF Benchmark
-
iptables and ip6tables
A host-based firewall called <code>netfilter</code> is included as part of the Linux kernel distributed with the system. It is activated by default. This firewall is controlled by the program <code...Group -
Verify ip6tables Enabled if Using IPv6
The <code>ip6tables</code> service can be enabled with the following manifest: <pre> --- apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfigu...Rule Medium Severity -
Verify iptables Enabled
The <code>iptables</code> service can be enabled with the following manifest: <pre> --- apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfigur...Rule Medium Severity -
Set Default ip6tables Policy for Incoming Packets
To set the default policy to DROP (instead of ACCEPT) for the built-in INPUT chain which processes incoming packets, add or correct the following line in <code>/etc/sysconfig/ip6tables</code>: <pre...Rule Medium Severity -
Disable IPv6 Networking Support Automatic Loading
To prevent the IPv6 kernel module (<code>ipv6</code>) from binding to the IPv6 networking stack, add the following line to <code>/etc/modprobe.d/disabled.conf</code> (or another file in <code>/etc/...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules