Guide to the Secure Configuration of Red Hat Enterprise Linux 9
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Record Successful Access Attempts to Files - creat
At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to...Rule Medium Severity -
Record Successful Permission Changes to Files - fchmod
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...Rule Medium Severity -
Record Successful Permission Changes to Files - fchmodat
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...Rule Medium Severity -
Record Successful Ownership Changes to Files - fchown
At a minimum, the audit system should collect file ownership changes for all users and root. If the <code>auditd</code> daemon is configured to use...Rule Medium Severity -
Record Successful Ownership Changes to Files - fchownat
At a minimum, the audit system should collect file ownership changes for all users and root. If the <code>auditd</code> daemon is configured to use...Rule Medium Severity -
Record Successful Permission Changes to Files - fremovexattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...Rule Medium Severity -
Record Successful Permission Changes to Files - fsetxattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...Rule Medium Severity -
Record Successful Access Attempts to Files - ftruncate
At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to...Rule Medium Severity -
Record Successful Ownership Changes to Files - lchown
At a minimum, the audit system should collect file ownership changes for all users and root. If the <code>auditd</code> daemon is configured to use...Rule Medium Severity -
Record Successful Permission Changes to Files - lremovexattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...Rule Medium Severity -
Record Successful Permission Changes to Files - lsetxattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...Rule Medium Severity -
Record Successful Access Attempts to Files - open
At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to...Rule Medium Severity -
Record Successful Access Attempts to Files - open_by_handle_at
At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to...Rule Medium Severity -
Record Successful Creation Attempts to Files - open_by_handle_at O_CREAT
The <code>open_by_handle_at</code> syscall can be used to create new files when O_CREAT flag is specified. The following audit rules will assure t...Rule Medium Severity -
Record Successful Creation Attempts to Files - open_by_handle_at O_TRUNC_WRITE
The audit system should collect detailed file access records for all users and root. The <code>open_by_handle_at</code> syscall can be used to modi...Rule Medium Severity -
Record Successful Creation Attempts to Files - open O_CREAT
The <code>open</code> syscall can be used to create new files when O_CREAT flag is specified. The following audit rules will assure that successfu...Rule Medium Severity -
Record Successful Creation Attempts to Files - open O_TRUNC_WRITE
The audit system should collect detailed file access records for all users and root. The <code>open</code> syscall can be used to modify files if c...Rule Medium Severity -
Record Successful Access Attempts to Files - openat
At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to...Rule Medium Severity -
cron_system_cronjob_use_shares SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
Record Successful Creation Attempts to Files - openat O_CREAT
The <code>openat</code> syscall can be used to create new files when O_CREAT flag is specified. The following audit rules will assure that success...Rule Medium Severity -
Record Successful Creation Attempts to Files - openat O_TRUNC_WRITE
The audit system should collect detailed file access records for all users and root. The <code>openat</code> syscall can be used to modify files if...Rule Medium Severity -
Record Successful Permission Changes to Files - removexattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...Rule Medium Severity -
Record Successful Delete Attempts to Files - rename
At a minimum, the audit system should collect file deletion for all users and root. If the <code>auditd</code> daemon is configured to use the <cod...Rule Medium Severity -
Record Successful Delete Attempts to Files - renameat
At a minimum, the audit system should collect file deletion for all users and root. If the <code>auditd</code> daemon is configured to use the <cod...Rule Medium Severity -
exim_can_connect_db SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
Record Successful Permission Changes to Files - setxattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...Rule Medium Severity -
Record Successful Access Attempts to Files - truncate
At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to...Rule Medium Severity -
Record Successful Delete Attempts to Files - unlink
At a minimum, the audit system should collect file deletion for all users and root. If the <code>auditd</code> daemon is configured to use the <cod...Rule Medium Severity -
Record Successful Delete Attempts to Files - unlinkat
At a minimum, the audit system should collect file deletion for all users and root. If the <code>auditd</code> daemon is configured to use the <cod...Rule Medium Severity -
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)
At a minimum the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to ...Rule Medium Severity -
Write Audit Logs to the Disk
To configure Audit daemon to write Audit logs to the disk, set <code>write_logs</code> to <code>yes</code> in <code>/etc/audit/auditd.conf</code>. ...Rule Medium Severity -
glance_use_fusefs SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
Record Unsuccessful Permission Changes to Files - chmod
The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configure...Rule Medium Severity -
Record Unsuccessful Ownership Changes to Files - chown
The audit system should collect unsuccessful file ownership change attempts for all users and root. If the <code>auditd</code> daemon is configured...Rule Medium Severity -
Record Unsuccessful Access Attempts to Files - creat
At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to...Rule Medium Severity -
Record Unsuccessful Permission Changes to Files - fchmod
The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configure...Rule Medium Severity -
Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly
The audit system should collect detailed unauthorized file accesses for all users and root. To correctly identify unsuccessful creation, unsuccessf...Rule Medium Severity -
Record Unsuccessful Permission Changes to Files - fchmodat
The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configure...Rule Medium Severity -
Record Unsuccessful Ownership Changes to Files - fchown
The audit system should collect unsuccessful file ownership change attempts for all users and root. If the <code>auditd</code> daemon is configured...Rule Medium Severity -
Record Unsuccessful Ownership Changes to Files - fchownat
The audit system should collect unsuccessful file ownership change attempts for all users and root. If the <code>auditd</code> daemon is configured...Rule Medium Severity -
Record Unsuccessful Permission Changes to Files - fremovexattr
The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configure...Rule Medium Severity -
Record Unsuccessful Permission Changes to Files - fsetxattr
The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configure...Rule Medium Severity -
Postfix Root Mail Alias
Specify an email address (string) for a root mail alias.Value -
Record Unsuccessful Access Attempts to Files - ftruncate
At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to...Rule Medium Severity -
Record Unsuccessful Ownership Changes to Files - lchown
The audit system should collect unsuccessful file ownership change attempts for all users and root. If the <code>auditd</code> daemon is configure...Rule Medium Severity -
Record Unsuccessful Permission Changes to Files - lremovexattr
The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configure...Rule Medium Severity -
Record Unsuccessful Permission Changes to Files - lsetxattr
The audit system should collect unsuccessful file permission change attempts for all users and root. If the <code>auditd</code> daemon is configure...Rule Medium Severity -
Ensure auditd Collects Information on Kernel Module Loading - init_module
To capture kernel module loading events, use following line, setting ARCH to either b32 for 32-bit system, or having two lines for both b32 and b64...Rule Medium Severity -
Record Unsuccessful Access Attempts to Files - open
At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to...Rule Medium Severity -
Record Unsuccessful Access Attempts to Files - open_by_handle_at
At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.