Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Red Hat Virtualization 4

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Enable Smartcards in SSSD

    SSSD should be configured to authenticate access to the system using smart cards. To enable smart cards in SSSD, set <code>pam_cert_auth</code> to ...
    Rule Medium Severity
    Show

  • Configure SSSD's Memory Cache to Expire

    SSSD's memory cache should be configured to set to expire records after <code><xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_sssd_mem...
    Rule Medium Severity
    Show

  • Configure SSSD to Expire Offline Credentials

    SSSD should be configured to expire offline credentials after 1 day. To configure SSSD to expire offline credentials, set <code>offline_credential...
    Rule Medium Severity
    Show

  • Disable X Windows

    Unless there is a mission-critical reason for the system to run a graphical user interface, ensure X is not set to start automatically at boot and ...
    Group
    Show

  • Remove the X Windows Package Group

    By removing the xorg-x11-server-common package, the system no longer has X Windows installed. If X Windows is not installed then the system cannot ...
    Rule Medium Severity
    Show

  • Disable X Windows Startup By Setting Default Target

    Systems that do not require a graphical user interface should only boot by default into <code>multi-user.target</code> mode. This prevents accident...
    Rule Medium Severity
    Show

  • Introduction

    The purpose of this guidance is to provide security configuration recommendations and baselines for the Red Hat Virtualization 4 operating system. ...
    Group
    Show

  • General Principles

    The following general principles motivate much of the advice in this guide and should also influence any configuration decisions that are not expli...
    Group
    Show

  • Encrypt Transmitted Data Whenever Possible

    Data transmitted over a network, whether wired or wireless, is susceptible to passive monitoring. Whenever practical solutions for encrypting such ...
    Group
    Show

  • Least Privilege

    Grant the least privilege necessary for user accounts and software to perform tasks. For example, <code>sudo</code> can be implemented to limit aut...
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules