Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Red Hat Enterprise Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure LDAP client is not installed

    The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from a central database. The <code>...
    Rule Low Severity
    Show

  • Enable the LDAP Client For Use in Authconfig

    To determine if LDAP is being used for authentication, use the following command: <pre>$ sudo grep -i useldapauth /etc/sysconfig/authconfig</pre> <...
    Rule Medium Severity
    Show

  • Configure LDAP Client to Use TLS For All Transactions

    This check verifies cryptography has been implemented to protect the integrity of remote LDAP authentication sessions. <br><br> To determine if LDA...
    Rule Medium Severity
    Show

  • Configure Certificate Directives for LDAP Use of TLS

    Ensure a copy of a trusted CA certificate has been placed in the file <code>/etc/pki/tls/CA/cacert.pem</code>. Configure LDAP to enforce TLS use an...
    Rule Medium Severity
    Show

  • Configure OpenLDAP Server

    This section details some security-relevant settings for an OpenLDAP server.
    Group
    Show

  • Uninstall openldap-servers Package

    The openldap-servers package is not installed by default on a Red Hat Enterprise Linux 8 system. It is needed only by the OpenLDAP server, not by t...
    Rule Low Severity
    Show

  • Disable LDAP Server (slapd)

    The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from a central database.
    Rule Medium Severity
    Show

  • Disable Secure RPC Client Service (rpcgssd)

    The rpcgssd service manages RPCSEC GSS contexts required to secure protocols that use RPC (most often Kerberos and NFS). The rpcgssd service is the...
    Rule Unknown Severity
    Show

  • Enact SMTP Recipient Restrictions

    To configure Postfix to restrict addresses to which it will send mail, see: <a href="http://www.postfix.org/SMTPD_ACCESS_README.html#danger">h...
    Group
    Show

  • Install and Protect LDAP Certificate Files

    Create the PKI directory for LDAP certificates if it does not already exist: <pre>$ sudo mkdir /etc/pki/tls/ldap $ sudo chown root:root /etc/pki/tl...
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules