Guide to the Secure Configuration of Red Hat Enterprise Linux 8
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Log USBGuard daemon audit events using Linux Audit
To configure USBGuard daemon to log via Linux Audit (as opposed directly to a file), <code>AuditBackend</code> option in <code>/etc/usbguard/usbgua...Rule Low Severity -
Authorize Human Interface Devices in USBGuard daemon
To allow authorization of Human Interface Devices (keyboard, mouse) by USBGuard daemon, add the line <code>allow with-interface match-all { 03:*:* ...Rule Medium Severity -
Authorize Human Interface Devices and USB hubs in USBGuard daemon
To allow authorization of USB devices combining human interface device and hub capabilities by USBGuard daemon, add the line <code>allow with-inter...Rule Medium Severity -
Authorize USB hubs in USBGuard daemon
To allow authorization of USB hub devices by USBGuard daemon, add line <code>allow with-interface match-all { 09:00:* }</code> to <code>/etc/usbgua...Rule Medium Severity -
Generate USBGuard Policy
By default USBGuard when enabled prevents access to all USB devices and this lead to inaccessible system if they use USB mouse/keyboard. To prevent...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules