Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 9

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Configure auditing of successful file creations (AArch64)

    Ensure that successful attempts to create a file are audited. The following rules configure audit as described above: <pre>## Successful file crea...
    Rule Medium Severity
  • cvs_read_shadow SELinux Boolean

    default - Default SELinux boolean setting.
    on - SELinux boolean is enabled.
    off - SELinux boolean is disabled.
    Value
  • Configure auditing of successful file creations (ppc64le)

    Ensure that successful attempts to create a file are audited. The following rules configure audit as described above: <pre>## Successful file crea...
    Rule Medium Severity
  • Configure auditing of unsuccessful file deletions

    Ensure that unsuccessful attempts to delete a file are audited. The following rules configure audit as described above: <pre>## Unsuccessful file ...
    Rule Medium Severity
  • Configure auditing of unsuccessful file deletions (AArch64)

    Ensure that unsuccessful attempts to delete a file are audited. The following rules configure audit as described above: <pre>## Unsuccessful file ...
    Rule Medium Severity
  • Configure auditing of unsuccessful file deletions (ppc64le)

    Ensure that unsuccessful attempts to delete a file are audited. The following rules configure audit as described above: <pre>## Unsuccessful file ...
    Rule Medium Severity
  • Configure auditing of successful file deletions

    Ensure that successful attempts to delete a file are audited. The following rules configure audit as described above: <pre>## Successful file dele...
    Rule Medium Severity
  • Configure auditing of successful file deletions (AArch64)

    Ensure that successful attempts to delete a file are audited. The following rules configure audit as described above: <pre>## Successful file dele...
    Rule Medium Severity
  • Ensure syslog-ng is Installed

    syslog-ng can be installed in replacement of rsyslog. The <code>syslog-ng-core</code> package can be installed with the following command: <pre> $ ...
    Rule Medium Severity
  • Configure auditing of successful file deletions (ppc64le)

    Ensure that successful attempts to delete a file are audited. The following rules configure audit as described above: <pre>## Successful file dele...
    Rule Medium Severity
  • Configure immutable Audit login UIDs

    Configure kernel to prevent modification of login UIDs once they are set. Changing login UIDs while this configuration is enforced requires special...
    Rule Medium Severity
  • Configure auditing of unsuccessful file modifications

    Ensure that unsuccessful attempts to modify a file are audited. The following rules configure audit as described above: <pre>## Unsuccessful file ...
    Rule Medium Severity
  • Configure auditing of unsuccessful file modifications (AARch64)

    Ensure that unsuccessful attempts to modify a file are audited. The following rules configure audit as described above: <pre>## Unsuccessful file ...
    Rule Medium Severity
  • Configure auditing of unsuccessful file modifications (ppc64le)

    Ensure that unsuccessful attempts to modify a file are audited. The following rules configure audit as described above: <pre>## Unsuccessful file ...
    Rule Medium Severity
  • Configure auditing of successful file modifications

    Ensure that successful attempts to modify a file are audited. The following rules configure audit as described above: <pre>## Successful file modi...
    Rule Medium Severity
  • Enable syslog-ng Service

    The <code>syslog-ng</code> service (in replacement of rsyslog) provides syslog-style logging by default on Debian. The <code>syslog-ng</code> serv...
    Rule Medium Severity
  • Configure auditing of successful file modifications (AArch64)

    Ensure that successful attempts to modify a file are audited. The following rules configure audit as described above: <pre>## Successful file modi...
    Rule Medium Severity
  • Configure auditing of successful file modifications (ppc64le)

    Ensure that successful attempts to modify a file are audited. The following rules configure audit as described above: <pre>## Successful file modi...
    Rule Medium Severity
  • Configure auditing of loading and unloading of kernel modules

    Ensure that loading and unloading of kernel modules is audited. The following rules configure audit as described above: <pre>## These rules watch ...
    Rule Medium Severity
  • Configure auditing of loading and unloading of kernel modules (ppc64le)

    Ensure that loading and unloading of kernel modules is audited. The following rules configure audit as described above: <pre>## These rules watch ...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules