Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Record Attempts to perform maintenance activities

    The Red Hat Enterprise Linux 8 operating system must generate audit records for privileged activities, nonlocal maintenance, diagnostic sessions an...
    Rule Medium Severity
  • Record Access Events to Audit Log Directory

    The audit system should collect access events to read audit log directory. The following audit rule will assure that access to audit log directory ...
    Rule Medium Severity
  • System Audit Directories Must Be Group Owned By Root

    All audit directories must be group owned by root user. By default, the path for audit log is <pre>/var/log/audit/</pre>. To properly set the grou...
    Rule Medium Severity
  • System Audit Directories Must Be Owned By Root

    All audit directories must be owned by root user. By default, the path for audit log is <pre>/var/log/audit/</pre>. To properly set the owner of <...
    Rule Medium Severity
  • System Audit Logs Must Have Mode 0750 or Less Permissive

    Verify the audit log directories have a mode of "0700" or less permissive by first determining where the audit logs are stored with the following ...
    Rule Medium Severity
  • System Audit Logs Must Be Group Owned By Root

    All audit logs must be group owned by root user. The path for audit log can be configured via <code>log_file</code> parameter in <pre>/etc/audit/au...
    Rule Medium Severity
  • Audit Configuration Files Must Be Owned By Group root

    All audit configuration files must be owned by group root.
    chown :root /etc/audit/audit*.{rules,conf} /etc/audit/rules.d/*
    Rule Medium Severity
  • Audit Configuration Files Must Be Owned By Root

    All audit configuration files must be owned by root user. To properly set the owner of <code>/etc/audit/</code>, run the command: <pre>$ sudo chow...
    Rule Medium Severity
  • System Audit Logs Must Be Owned By Root

    All audit logs must be owned by root user and group. By default, the path for audit log is <pre>/var/log/audit/</pre>. To properly set the owner o...
    Rule Medium Severity
  • System Audit Logs Must Be Owned By Root

    All audit logs must be owned by root user. The path for audit log can be configured via <code>log_file</code> parameter in <pre>/etc/audit/auditd.c...
    Rule Medium Severity
  • Audit Configuration Files Permissions are 640 or More Restrictive

    All audit configuration files permissions must be 640 or more restrictive.
    chmod 0640 /etc/audit/audit*.{rules,conf} /etc/audit/rules.d/*
    Rule Medium Severity
  • System Audit Logs Must Have Mode 0640 or Less Permissive

    Determine where the audit logs are stored with the following command: <pre>$ sudo grep -iw log_file /etc/audit/auditd.conf log_file = /var/log/aud...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls

    At a minimum, the audit system should collect file permission changes for all users and root. Note that the "-F arch=b32" lines should be present e...
    Group
  • Record Events that Modify the System's Discretionary Access Controls - chmod

    At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - chown

    At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - fchmod

    At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - fchmodat

    At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - fchown

    At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - fchownat

    At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - fremovexattr

    At a minimum, the audit system should collect file permission changes for all users and root. <br><br> If the <code>auditd</code> daemon is configu...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules