Guide to the Secure Configuration of Red Hat Enterprise Linux 7
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Ensure users' .netrc Files are not group or world accessible
While the system administrator can establish secure permissions for users' .netrc files, the users can easily override these. This rule ensures every .netrc file or directory under the home direct...Rule Medium Severity -
Record Events When Executables Are Run As Another User
Verify the system generates an audit record when actions are run as another user. sudo provides users with temporary elevated privileges to perform operations, either as the superuser or another us...Rule Medium Severity -
Record Attempts to perform maintenance activities
The Red Hat Enterprise Linux 7 operating system must generate audit records for privileged activities, nonlocal maintenance, diagnostic sessions and other system-level access. Verify the operating...Rule Medium Severity -
Record Any Attempts to Run chacl
At a minimum, the audit system should collect any execution attempt of the <code>chacl</code> command for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenr...Rule Medium Severity -
Ensure auditd Collects Information on Kernel Module Loading and Unloading
To capture kernel module loading and unloading events, use following lines, setting ARCH to either b32 for 32-bit system, or having two lines for both b32 and b64 in case your system is 64-bit: <pr...Rule Medium Severity -
Ensure auditd Collects Information on Kernel Module Loading and Unloading - query_module
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following lines to a file with suffix <co...Rule Medium Severity -
Record Attempts to Alter Logon and Logout Events
The audit system already collects login information for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during dae...Group -
Record Attempts to Alter Logon and Logout Events
The audit system already collects login information for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during dae...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - usermod
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Type of hostname to record the audit event
Type of hostname to record the audit eventValue
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.