Guide to the Secure Configuration of Red Hat Enterprise Linux 8
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Enable Smartcards in SSSD
SSSD should be configured to authenticate access to the system using smart cards. To enable smart cards in SSSD, set <code>pam_cert_auth</code> to ...Rule Medium Severity -
SSSD Has a Correct Trust Anchor
SSSD must have acceptable trust anchor present.Rule Medium Severity -
Configure SSSD's Memory Cache to Expire
SSSD's memory cache should be configured to set to expire records after <code><xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_sssd_mem...Rule Medium Severity -
Configure SSSD to Expire Offline Credentials
SSSD should be configured to expire offline credentials after 1 day. Check if SSSD allows cached authentications with the following command: <pre>...Rule Medium Severity -
Configure SSSD to run as user sssd
SSSD processes should be configured to run as user sssd, not root.Rule Medium Severity -
Configure SSSD to Expire SSH Known Hosts
SSSD should be configured to expire keys from known SSH hosts after <code><xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_sssd_ssh_kno...Rule Medium Severity -
System Security Services Daemon (SSSD) - LDAP
The System Security Services Daemon (SSSD) is a system daemon that provides access to different identity and authentication providers such as Red H...Group -
SSSD LDAP Backend Client CA Certificate Location
Path of a directory that contains Certificate Authority certificates.Value -
Configure SSSD LDAP Backend Client CA Certificate
Configure SSSD to implement cryptography to protect the integrity of LDAP remote access sessions. By setting the <pre>ldap_tls_cacert</pre> option ...Rule Medium Severity -
Configure SSSD LDAP Backend Client CA Certificate Location
Configure SSSD to implement cryptography to protect the integrity of LDAP remote access sessions. By setting the <pre>ldap_tls_cacertdir</pre> opti...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules