Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 9

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Record Attempts to Alter Time Through clock_settime

    If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...
    Rule Medium Severity
  • Record attempts to alter time through settimeofday

    If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...
    Rule Medium Severity
  • Record Attempts to Alter Time Through stime

    If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...
    Rule Medium Severity
  • Record Attempts to Alter the localtime File

    If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...
    Rule Medium Severity
  • cups_execmem SELinux Boolean

    default - Default SELinux boolean setting.
    on - SELinux boolean is enabled.
    off - SELinux boolean is disabled.
    Value
  • Configure a Sufficiently Large Partition for Audit Logs

    The Red Hat Enterprise Linux 9 operating system must allocate audit record storage capacity to store at least one weeks worth of audit records when...
    Rule Medium Severity
  • Configure audispd's Plugin disk_full_action When Disk Is Full

    Configure the action the operating system takes if the disk the audit records are written to becomes full. Edit the file <code>/etc/audit/audisp-re...
    Rule Medium Severity
  • Encrypt Audit Records Sent With audispd Plugin

    Configure the operating system to encrypt the transfer of off-loaded audit records onto a different system or media from the system being audited. ...
    Rule Medium Severity
  • Configure audispd's Plugin network_failure_action On Network Failure

    Configure the action the operating system takes if there is an error sending audit records to a remote system. Edit the file <code>/etc/audit/audis...
    Rule Medium Severity
  • Configure auditd to use audispd's syslog plugin

    To configure the <code>auditd</code> service to use the <code>syslog</code> plug-in of the <code>audispd</code> audit event multiplexor, set the <c...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules