Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Red Hat Enterprise Linux 7

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Support Only the Necessary Protocols

    Dovecot supports the IMAP and POP3 protocols, as well as SSL-protected versions of those protocols. Configure the Dovecot server to support only ...
    Group
    Show

  • Remove the Kerberos Server Package

    The <code>krb5-server</code> package should be removed if not in use. Is this system the Kerberos server? If not, remove the package. The <code>krb...
    Rule Medium Severity
    Show

  • Disable Kerberos by removing host keytab

    Kerberos is not an approved key distribution method for Common Criteria. To prevent using Kerberos by system daemons, remove the Kerberos keytab fi...
    Rule Medium Severity
    Show

  • LDAP

    LDAP is a popular directory service, that is, a standardized way of looking up information from a central database. Red Hat Enterprise Linux 7 incl...
    Group
    Show

  • Configure OpenLDAP Clients

    This section provides information on which security settings are important to configure in OpenLDAP clients by manually editing the appropriate con...
    Group
    Show

  • Ensure LDAP client is not installed

    The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from a central database. The <code>...
    Rule Low Severity
    Show

  • Enable the LDAP Client For Use in Authconfig

    To determine if LDAP is being used for authentication, use the following command: <pre>$ sudo grep -i useldapauth /etc/sysconfig/authconfig</pre> <...
    Rule Medium Severity
    Show

  • Configure LDAP Client to Use TLS For All Transactions

    This check verifies cryptography has been implemented to protect the integrity of remote LDAP authentication sessions. <br><br> To determine if LDA...
    Rule Medium Severity
    Show

  • Configure Certificate Directives for LDAP Use of TLS

    Ensure a copy of a trusted CA certificate has been placed in the file <code>/etc/pki/tls/CA/cacert.pem</code>. Configure LDAP to enforce TLS use an...
    Rule Medium Severity
    Show

  • Configure OpenLDAP Server

    This section details some security-relevant settings for an OpenLDAP server. Installation and configuration of OpenLDAP on Red Hat Enterprise Linu...
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules