Guide to the Secure Configuration of Red Hat Enterprise Linux 7
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Ensure /opt Located On Separate Partition
It is recommended that the/optdirectory resides on a separate partition.Rule Medium Severity -
Uninstall geolite2-city Package
Thegeolite2-citypackage can be removed with the following command:$ sudo yum erase geolite2-city
Rule Low Severity -
Configure GNOME Login Screen
In the default GNOME desktop, the login is displayed after system boot and can display user accounts, allow users to reboot the system, and allow u...Group -
Ensure /srv Located On Separate Partition
If a file server (FTP, TFTP...) is hosted locally, create a separate partition for <code>/srv</code> at installation time (or migrate it later usin...Rule Unknown Severity -
Ensure /tmp Located On Separate Partition
The <code>/tmp</code> directory is a world-writable directory used for temporary file storage. Ensure it has its own partition or logical volume at...Rule Low Severity -
Ensure /usr Located On Separate Partition
It is recommended that the/usrdirectory resides on a separate partition.Rule Medium Severity -
Ensure /var Located On Separate Partition
The <code>/var</code> directory is used by daemons and other system services to store frequently-changing data. Ensure that <code>/var</code> has i...Rule Low Severity -
Ensure /var/log Located On Separate Partition
System logs are stored in the <code>/var/log</code> directory. Ensure that <code>/var/log</code> has its own partition or logical volume at instal...Rule Low Severity -
Ensure /var/log/audit Located On Separate Partition
Audit logs are stored in the <code>/var/log/audit</code> directory. Ensure that <code>/var/log/audit</code> has its own partition or logical volum...Rule Low Severity -
Ensure /var/tmp Located On Separate Partition
The <code>/var/tmp</code> directory is a world-writable directory used for temporary file storage. Ensure it has its own partition or logical volum...Rule Medium Severity -
GNOME Desktop Environment
GNOME is a graphical desktop environment bundled with many Linux distributions that allow users to easily interact with the operating system graphi...Group -
Remove the GDM Package Group
By removing the <code>gdm</code> package, the system no longer has GNOME installed installed. If X Windows is not installed then the system canno...Rule Medium Severity -
Make sure that the dconf databases are up-to-date with regards to respective keyfiles
By default, DConf uses a binary database as a data backend. The system-level database is compiled from keyfiles in the /etc/dconf/db/ directory by ...Rule High Severity -
Configure GNOME3 DConf User Profile
By default, DConf provides a standard user profile. This profile contains a list of DConf configuration databases. The user profile and database al...Rule High Severity -
Disable GNOME3 Automounting
The system's default desktop environment, GNOME3, will mount devices and removable media (such as DVDs, CDs and USB flash drives) whenever they are...Rule Medium Severity -
Require Encryption for Remote Access in GNOME3
By default, <code>GNOME</code> requires encryption when using <code>Vino</code> for remote access. To prevent remote access encryption from being d...Rule Medium Severity -
Disable the GNOME3 Login Restart and Shutdown Buttons
In the default graphical environment, users logging directly into the system are greeted with a login screen that allows any user, known or unknown...Rule High Severity -
Disable the GNOME3 Login User List
In the default graphical environment, users logging directly into the system are greeted with a login screen that displays all known users. This fu...Rule Medium Severity -
Enable the GNOME3 Login Smartcard Authentication
In the default graphical environment, smart card authentication can be enabled on the login screen by setting <code>enable-smartcard-authentication...Rule Medium Severity -
Set the GNOME3 Login Number of Failures
In the default graphical environment, the GNOME3 login screen and be configured to restart the authentication process after a configured number of ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.