Guide to the Secure Configuration of Red Hat Enterprise Linux 8
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Disable netfs if Possible
To determine if any network filesystems handled by netfs are currently mounted on the system execute the following command: <pre>$ mount -t nfs,nfs...Group -
Disable Network File Systems (netfs)
The netfs script manages the boot-time mounting of several types of networked filesystems, of which NFS and Samba are the most common. If these fil...Rule Unknown Severity -
Disable Services Used Only by NFS
If NFS is not needed, disable the NFS client daemons nfslock, rpcgssd, and rpcidmapd. <br><br> All of these daemons run with elevated privileges, a...Group -
Uninstall rpcbind Package
The rpcbind utility maps RPC services to the ports on which they listen. RPC processes notify rpcbind when they start, registering the ports they a...Rule Low Severity -
Disable Network File System Lock Service (nfslock)
The Network File System Lock (nfslock) service starts the required remote procedure call (RPC) processes which allow clients to lock files on the s...Rule Unknown Severity -
Configure NFS Services to Use Fixed Ports (NFSv3 and NFSv2)
Firewalling should be done at each host and at the border firewalls to protect the NFS daemons from remote access, since NFS servers should never b...Group -
Configure lockd to use static TCP port
Configure the <code>lockd</code> daemon to use a static TCP port as opposed to letting the RPC Bind service dynamically assign a port. Edit the fil...Rule Unknown Severity -
Configure lockd to use static UDP port
Configure the <code>lockd</code> daemon to use a static UDP port as opposed to letting the RPC Bind service dynamically assign a port. Edit the fil...Rule Unknown Severity -
Configure mountd to use static port
Configure the <code>mountd</code> daemon to use a static port as opposed to letting the RPC Bind service dynamically assign a port. Edit the file <...Rule Unknown Severity -
Configure statd to use static port
Configure the <code>statd</code> daemon to use a static port as opposed to letting the RPC Bind service dynamically assign a port. Edit the file <c...Rule Unknown Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules