Guide to the Secure Configuration of Red Hat Enterprise Linux 9
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Ensure auditd Collects File Deletion Events by User - rename
At a minimum, the audit system should collect file deletion events for all users and root. If the <code>auditd</code> daemon is configured to use t...Rule Medium Severity -
Ensure auditd Collects File Deletion Events by User - renameat
At a minimum, the audit system should collect file deletion events for all users and root. If the <code>auditd</code> daemon is configured to use t...Rule Medium Severity -
Ensure auditd Collects File Deletion Events by User - rmdir
At a minimum, the audit system should collect file deletion events for all users and root. If the <code>auditd</code> daemon is configured to use t...Rule Medium Severity -
Ensure auditd Collects File Deletion Events by User - unlink
At a minimum, the audit system should collect file deletion events for all users and root. If the <code>auditd</code> daemon is configured to use t...Rule Medium Severity -
Ensure auditd Collects File Deletion Events by User - unlinkat
At a minimum, the audit system should collect file deletion events for all users and root. If the <code>auditd</code> daemon is configured to use t...Rule Medium Severity -
Record Unauthorized Access Attempts Events to Files (unsuccessful)
At a minimum, the audit system should collect unauthorized file accesses for all users and root. Note that the "-F arch=b32" lines should be presen...Group -
Appropriate Action Must be Setup When the Internal Audit Event Queue is Full
The audit system should have an action setup in the event the internal event queue becomes full. To setup an overflow action edit <code>/etc/audit/...Rule Medium Severity -
cron_can_relabel SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
Record Successful Permission Changes to Files - chmod
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...Rule Medium Severity -
Record Successful Ownership Changes to Files - chown
At a minimum, the audit system should collect file ownership changes for all users and root. If the <code>auditd</code> daemon is configured to use...Rule Medium Severity -
Record Successful Access Attempts to Files - creat
At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to...Rule Medium Severity -
Record Successful Permission Changes to Files - fchmod
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...Rule Medium Severity -
Record Successful Permission Changes to Files - fchmodat
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...Rule Medium Severity -
Record Successful Ownership Changes to Files - fchown
At a minimum, the audit system should collect file ownership changes for all users and root. If the <code>auditd</code> daemon is configured to use...Rule Medium Severity -
Record Successful Ownership Changes to Files - fchownat
At a minimum, the audit system should collect file ownership changes for all users and root. If the <code>auditd</code> daemon is configured to use...Rule Medium Severity -
Record Successful Permission Changes to Files - fremovexattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...Rule Medium Severity -
Record Successful Permission Changes to Files - fsetxattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...Rule Medium Severity -
Record Successful Access Attempts to Files - ftruncate
At a minimum, the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to...Rule Medium Severity -
Record Successful Ownership Changes to Files - lchown
At a minimum, the audit system should collect file ownership changes for all users and root. If the <code>auditd</code> daemon is configured to use...Rule Medium Severity -
Record Successful Permission Changes to Files - lremovexattr
At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.