Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Protect DNS Data from Tampering or Attack

    This section discusses DNS configuration options which make it more difficult for attackers to gain access to private DNS data or to modify DNS data.
    Group
  • Configure Fapolicy Module to Employ a Deny-all, Permit-by-exception Policy to Allow the Execution of Authorized Software Programs.

    The Fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs and ...
    Rule Medium Severity
  • Mount Remote Filesystems with nodev

    Add the nodev option to the fourth column of /etc/fstab for the line which controls mounting of any NFS mounts.
    Rule Medium Severity
  • Authenticate Zone Transfers

    If it is necessary for a secondary nameserver to receive zone data via zone transfer from the primary server, follow the instructions here. Use dn...
    Rule Medium Severity
  • Disable Dynamic Updates

    Is there a mission-critical reason to enable the risky dynamic update functionality? If not, edit <code>/etc/named.conf</code>. For each zone speci...
    Rule Unknown Severity
  • Disable Zone Transfers from the Nameserver

    Is it necessary for a secondary nameserver to receive zone data via zone transfer from the primary server? If not, follow the instructions in this...
    Rule Unknown Severity
  • Use Views to Partition External and Internal Information

    If it is not possible to run external and internal nameservers on separate physical systems, run BIND9 and simulate this feature using views. Edit ...
    Group
  • Run Separate DNS Servers for External and Internal Queries

    Is it possible to run external and internal nameservers on separate systems? If so, follow the configuration guidance in this section. On the exter...
    Group
  • Docker Service

    The docker service is necessary to create containers, which are self-sufficient and self-contained applications using the resource isolation fe...
    Group
  • Application Whitelisting Daemon

    Fapolicyd (File Access Policy Daemon) implements application whitelisting to decide file access rights. Applications that are known via a reputatio...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules