Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Set the Boot Loader Admin Username to a Non-Default Value

    The grub2 boot loader should have a superuser account and password protection enabled to protect boot-time settings. <br><br> To maximize the prote...
    Rule High Severity
  • Boot Loader Is Not Installed On Removeable Media

    The system must not allow removable media to be used as the boot loader. Remove alternate methods of booting the system from removable media. <code...
    Rule Medium Severity
  • Set Boot Loader Password in grub2

    The grub2 boot loader should have a superuser account and password protection enabled to protect boot-time settings. <br><br> Since plaintext passw...
    Rule High Severity
  • UEFI GRUB2 bootloader configuration

    UEFI GRUB2 bootloader configuration
    Group
  • Verify the UEFI Boot Loader grub.cfg Group Ownership

    The file <code>/boot/efi/EFI/redhat/grub.cfg</code> should be group-owned by the <code>root</code> group to prevent destruction or modification of ...
    Rule Medium Severity
  • Verify /boot/efi/EFI/redhat/user.cfg Group Ownership

    The file <code>/boot/efi/EFI/redhat/user.cfg</code> should be group-owned by the <code>root</code> group to prevent reading or modification of the ...
    Rule Medium Severity
  • Verify the UEFI Boot Loader grub.cfg User Ownership

    The file <code>/boot/efi/EFI/redhat/grub.cfg</code> should be owned by the <code>root</code> user to prevent destruction or modification of the fil...
    Rule Medium Severity
  • Verify /boot/efi/EFI/redhat/user.cfg User Ownership

    The file <code>/boot/efi/EFI/redhat/user.cfg</code> should be owned by the <code>root</code> user to prevent reading or modification of the file. ...
    Rule Medium Severity
  • Verify the UEFI Boot Loader grub.cfg Permissions

    File permissions for <code>/boot/efi/EFI/redhat/grub.cfg</code> should be set to 700. To properly set the permissions of <code>/boot/efi/EFI/redha...
    Rule Medium Severity
  • Verify /boot/efi/EFI/redhat/user.cfg Permissions

    File permissions for <code>/boot/efi/EFI/redhat/user.cfg</code> should be set to 600. To properly set the permissions of <code>/boot/efi/EFI/redha...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules