Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 7

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Configure the CUPS Service if Necessary

    CUPS provides the ability to easily share local printers with other systems over the network. It does this by allowing systems to share lists of av...
    Group
  • Disable Printer Browsing Entirely if Possible

    By default, CUPS listens on the network for printer list broadcasts on UDP port 631. This functionality is called printer browsing. To disable prin...
    Rule Unknown Severity
  • Disable Print Server Capabilities

    To prevent remote users from potentially connecting to and using locally configured printers, disable the CUPS print server sharing capabilities. T...
    Rule Unknown Severity
  • Proxy Server

    A proxy server is a very desirable target for a potential adversary because much (or all) sensitive data for a given infrastructure may flow throug...
    Group
  • Disable Squid if Possible

    If Squid was installed and activated, but the system does not need to act as a proxy server, then it should be disabled and removed.
    Group
  • Ensure SNMP Read Write is disabled

    Edit <code>/etc/snmp/snmpd.conf</code>, remove any <code>rwuser</code> entries. Once the read write users have been removed, restart the SNMP servi...
    Rule Medium Severity
  • Remote Authentication Dial-In User Service (RADIUS)

    Remote Authentication Dial-In User Service (RADIUS) is a networking protocol, operating on port 1812 that provides centralized Authentication, Auth...
    Group
  • Remove the FreeRadius Server Package

    The <code>freeradius</code> package should be removed if not in use. Is this system a RADIUS server? If not, remove the package. The <code>freeradi...
    Rule Low Severity
  • Hardware RNG Entropy Gatherer Daemon

    The rngd feeds random data from hardware device to kernel random device.
    Group
  • Network Routing

    A router is a very desirable target for a potential adversary because they fulfill a variety of infrastructure networking roles such as access to ...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules