Guide to the Secure Configuration of Red Hat Enterprise Linux 9
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Only Authorized Local User Accounts Exist on Operating System
Enterprise Application tends to use the server or virtual machine exclusively. Besides the default operating system user, there should be only auth...Rule Medium Severity -
Ensure All Groups on the System Have Unique Group ID
Change the group name or delete groups, so each has a unique id.Rule Medium Severity -
Set Account Expiration Parameters
Accounts can be configured to be automatically disabled after a certain time period, meaning that they will require administrator interaction to be...Group -
Password Hashing algorithm
Specify the number of SHA rounds for the system password encryption algorithm. Defines the value set in <code>/etc/pam.d/system-auth</code> and <co...Value -
Set Account Expiration Following Inactivity
To specify the number of days after a password expires (which signifies inactivity) until an account is permanently disabled, add or correct the fo...Rule Medium Severity -
Assign Expiration Date to Emergency Accounts
Emergency accounts are privileged accounts established in response to crisis situations where the need for rapid account activation is required. In...Rule Medium Severity -
Assign Expiration Date to Temporary Accounts
Temporary accounts are established as part of normal account activation procedures when there is a need for short-term accounts. In the event tempo...Rule Medium Severity -
Ensure All Accounts on the System Have Unique Names
Ensure accounts on the system have unique names. To ensure all accounts have unique names, run the following command: <pre>$ sudo getent passwd | ...Rule Medium Severity -
Use Centralized and Automated Authentication
Implement an automated system for managing user accounts that minimizes the risk of errors, either intentional or deliberate. This system should in...Rule Medium Severity -
Set Password Expiration Parameters
The file <code>/etc/login.defs</code> controls several password-related settings. Programs such as <code>passwd</code>, <code>su</code>, and <code>...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules