Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Red Hat Enterprise Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Configure NFS Clients

    The steps in this section are appropriate for systems which operate as NFS clients.
    Group
    Show

  • Disable NFS Server Daemons

    There is no need to run the NFS server daemons <code>nfs</code> and <code>rpcsvcgssd</code> except on a small number of properly secured systems de...
    Group
    Show

  • Disable Network File System (nfs)

    The Network File System (NFS) service allows remote hosts to mount and interact with shared filesystems on the local system. If the local system is...
    Rule Unknown Severity
    Show

  • Disable Secure RPC Server Service (rpcsvcgssd)

    The rpcsvcgssd service manages RPCSEC GSS contexts required to secure protocols that use RPC (most often Kerberos and NFS). The rpcsvcgssd service ...
    Rule Unknown Severity
    Show

  • Specify UID and GID for Anonymous NFS Connections

    To specify the UID and GID for remote root users, edit the <code>/etc/exports</code> file and add the following for each export: <pre> anonuid=<cod...
    Rule Unknown Severity
    Show

  • Mount Remote Filesystems with Kerberos Security

    Add the <code>sec=krb5:krb5i:krb5p</code> option to the fourth column of <code>/etc/fstab</code> for the line which controls mounting of any NFS mo...
    Rule Medium Severity
    Show

  • Use Access Lists to Enforce Authorization Restrictions

    When configuring NFS exports, ensure that each export line in <code>/etc/exports</code> contains a list of hosts which are allowed to access that e...
    Group
    Show

  • Mount Remote Filesystems with noexec

    Add the noexec option to the fourth column of /etc/fstab for the line which controls mounting of any NFS mounts.
    Rule Medium Severity
    Show

  • Mount Remote Filesystems with nosuid

    Add the nosuid option to the fourth column of /etc/fstab for the line which controls mounting of any NFS mounts.
    Rule Medium Severity
    Show

  • Configure NFS Servers

    The steps in this section are appropriate for systems which operate as NFS servers.
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules