Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 9

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Remove Host-Based Authentication Files

    The <code>shosts.equiv</code> file lists remote hosts and users that are trusted by the local system. To remove these files, run the following comm...
    Rule High Severity
  • Remove Rsh Trust Files

    The files <code>/etc/hosts.equiv</code> and <code>~/.rhosts</code> (in each user's home directory) list remote hosts and users that are trusted by ...
    Rule High Severity
  • Remove User Host-Based Authentication Files

    The <code>~/.shosts</code> (in each user's home directory) files list remote hosts and users that are trusted by the local system. To remove these ...
    Rule High Severity
  • Chat/Messaging Services

    The talk software makes it possible for users to send and receive messages across systems through a terminal session.
    Group
  • Uninstall talk-server Package

    The talk-server package can be removed with the following command:
     $ sudo dnf erase talk-server
    Rule Medium Severity
  • Uninstall talk Package

    The <code>talk</code> package contains the client program for the Internet talk protocol, which allows the user to chat with other users on differe...
    Rule Medium Severity
  • Telnet

    The telnet protocol does not provide confidentiality or integrity for information transmitted on the network. This includes authentication informat...
    Group
  • SSH Approved MACs by FIPS

    Specify the FIPS approved MACs (message authentication code) algorithms that are used for data integrity protection by the SSH server.
    Value
  • Uninstall telnet-server Package

    The telnet-server package can be removed with the following command:
    $ sudo dnf erase telnet-server
    Rule High Severity
  • Remove telnet Clients

    The telnet client allows users to start connections to other systems via the telnet protocol.
    Rule Low Severity
  • Disable telnet Service

    Make sure that the activation of the <code>telnet</code> service on system boot is disabled. The <code>telnet</code> socket can be disabled with t...
    Rule High Severity
  • TFTP Server

    TFTP is a lightweight version of the FTP protocol which has traditionally been used to configure networking equipment. However, TFTP provides littl...
    Group
  • TFTP server secure directory

    Specify the directory which is used by TFTP server as a root directory when running in secure mode.
    Value
  • Uninstall tftp-server Package

    The tftp-server package can be removed with the following command:
     $ sudo dnf erase tftp-server
    Rule High Severity
  • Remove tftp Daemon

    Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol, typically used to automatically transfer configuration or boot files betw...
    Rule Low Severity
  • Ensure tftp Daemon Uses Secure Mode

    If running the Trivial File Transfer Protocol (TFTP) service is necessary, it should be configured to change its root directory at startup. To do s...
    Rule Medium Severity
  • Print Support

    The Common Unix Printing System (CUPS) service provides both local and network printing support. A system running the CUPS service can accept print...
    Group
  • Uninstall CUPS Package

    The cups package can be removed with the following command:
    $ sudo dnf erase cups
    Rule Unknown Severity
  • Disable the CUPS Service

    The cups service can be disabled with the following command:
    $ sudo systemctl mask --now cups.service
    Rule Unknown Severity
  • Configure the CUPS Service if Necessary

    CUPS provides the ability to easily share local printers with other systems over the network. It does this by allowing systems to share lists of av...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules