Guide to the Secure Configuration of Red Hat Enterprise Linux 9
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Enable randomization of the page allocator in zIPL
To enable the randomization of the page allocator in the kernel, check that all boot entries in <code>/boot/loader/entries/*.conf</code> have <code...Rule Medium Severity -
Enable page allocator poisoning in zIPL
To enable poisoning of free pages, check that all boot entries in <code>/boot/loader/entries/*.conf</code> have <code>page_poison=1</code> included...Rule Medium Severity -
Enable SLUB/SLAB allocator poisoning in zIPL
To enable poisoning of SLUB/SLAB objects, check that all boot entries in <code>/boot/loader/entries/*.conf</code> have <code>slub_debug=P</code> in...Rule Medium Severity -
Ensure debug-shell service is not enabled in zIPL
systemd's <code>debug-shell</code> service is intended to diagnose systemd related boot issues with various <code>systemctl</code> commands. Once e...Rule Medium Severity -
Disable vsyscalls in zIPL
To disable use of virtual syscalls, check that all boot entries in <code>/boot/loader/entries/*.conf</code> have <code>vsyscall=none</code> include...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules