Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Red Hat Enterprise Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure SSH MaxStartups is configured

    The MaxStartups parameter specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be ...
    Rule Medium Severity
    Show

  • Use Only FIPS 140-2 Validated Ciphers

    Limit the ciphers to those algorithms which are FIPS-approved. Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode. The foll...
    Rule Medium Severity
    Show

  • Use Only FIPS 140-2 Validated Key Exchange Algorithms

    Limit the key exchange algorithms to those which are FIPS-approved. Add or modify the following line in <code>/etc/crypto-policies/back-ends/opens...
    Rule Medium Severity
    Show

  • Use Only FIPS 140-2 Validated MACs

    Limit the MACs to those hash algorithms which are FIPS-approved. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of FIPS-a...
    Rule Medium Severity
    Show

  • Enable Use of Privilege Separation

    When enabled, SSH will create an unprivileged child process that has the privilege of the authenticated user. To enable privilege separation in SSH...
    Rule Medium Severity
    Show

  • Disable X Windows

    Unless there is a mission-critical reason for the system to run a graphical user interface, ensure X is not set to start automatically at boot and ...
    Group
    Show

  • SSH server uses strong entropy to seed

    To set up SSH server to use entropy from a high-quality source, edit the <code>/etc/sysconfig/sshd</code> file. The <code>SSH_USE_STRONG_RNG</code>...
    Rule Low Severity
    Show

  • Prevent remote hosts from connecting to the proxy display

    The SSH daemon should prevent remote hosts from connecting to the proxy display. <br> The default SSH configuration for <code>X11UseLocalhost</code...
    Rule Medium Severity
    Show

  • Strengthen Firewall Configuration if Possible

    If the SSH server is expected to only receive connections from the local network, then strengthen the default firewall rule for the SSH service to ...
    Group
    Show

  • System Security Services Daemon

    The System Security Services Daemon (SSSD) is a system daemon that provides access to different identity and authentication providers such as Red H...
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules