Skip to content

Guide to the Secure Configuration of Red Hat Virtualization 4

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Restrict Serial Port Root Logins

    To restrict root logins on serial ports, ensure lines of this form do not appear in /etc/securetty:
    ttyS0
    ttyS1
    Rule Medium Severity
  • Restrict Virtual Console Root Logins

    To restrict root logins through the (deprecated) virtual console devices, ensure lines of this form do not appear in <code>/etc/securetty</code>: <...
    Rule Medium Severity
  • Enforce usage of pam_wheel for su authentication

    To ensure that only users who are members of the <code>wheel</code> group can run commands with altered privileges through the <code>su</code> comm...
    Rule Medium Severity
  • Secure Session Configuration Files for Login Accounts

    When a user logs into a Unix account, the system configures the user's session by reading a number of files. Many of these files are located in the...
    Group
  • Maximum login attempts delay

    Maximum time in seconds between fail login attempts before re-prompting.
    Value
  • Account Inactivity Timeout (seconds)

    In an interactive shell, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates afte...
    Value
  • Interactive users initialization files

    'A regular expression describing a list of file names for files that are sourced at login time for interactive users'
    Value
  • Ensure Home Directories are Created for New Users

    All local interactive user accounts, upon creation, should be assigned a home directory. <br><br> Configure the operating system to assign home dir...
    Rule Medium Severity
  • Ensure the Logon Failure Delay is Set Correctly in login.defs

    To ensure the logon failure delay controlled by <code>/etc/login.defs</code> is set properly, add or correct the <code>FAIL_DELAY</code> setting in...
    Rule Medium Severity
  • Limit the Number of Concurrent Login Sessions Allowed Per User

    Limiting the number of allowed users and sessions per user can limit risks related to Denial of Service attacks. This addresses concurrent sessions...
    Rule Low Severity
  • Configure Polyinstantiation of /tmp Directories

    To configure polyinstantiated /tmp directories, first create the parent directories which will hold the polyinstantiation child directories. Use th...
    Rule Low Severity
  • Configure Polyinstantiation of /var/tmp Directories

    To configure polyinstantiated /tmp directories, first create the parent directories which will hold the polyinstantiation child directories. Use th...
    Rule Low Severity
  • User Initialization Files Must Be Group-Owned By The Primary Group

    Change the group owner of interactive users files to the group found in <pre>/etc/passwd</pre> for the user. To change the group owner of a local i...
    Rule Medium Severity
  • User Initialization Files Must Not Run World-Writable Programs

    Set the mode on files being executed by the user initialization files with the following command:
    $ sudo chmod o-w FILE
    Rule Medium Severity
  • User Initialization Files Must Be Owned By the Primary User

    Set the owner of the user initialization files for interactive users to the primary owner with the following command: <pre>$ sudo chown <i>USER</i>...
    Rule Medium Severity
  • Ensure that Users Path Contains Only Local Directories

    Ensure that all interactive user initialization files executable search path statements do not contain statements that will reference a working dir...
    Rule Medium Severity
  • All Interactive Users Must Have A Home Directory Defined

    Assign home directories to all interactive users that currently do not have a home directory assigned. This rule checks if the home directory is p...
    Rule Medium Severity
  • All Interactive Users Home Directories Must Exist

    Create home directories to all local interactive users that currently do not have a home directory assigned. Use the following commands to create t...
    Rule Medium Severity
  • All User Files and Directories In The Home Directory Must Be Group-Owned By The Primary Group

    Change the group of a local interactive users files and directories to a group that the interactive user is a member of. To change the group owner ...
    Rule Medium Severity
  • All User Files and Directories In The Home Directory Must Have a Valid Owner

    Either remove all files and directories from the system that do not have a valid user, or assign a valid user to all unowned files and directories....
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules