Skip to content

Guide to the Secure Configuration of Red Hat Virtualization 4

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Record Access Events to Audit Log Directory

    The audit system should collect access events to read audit log directory. The following audit rule will assure that access to audit log directory ...
    Rule Medium Severity
  • System Audit Logs Must Have Mode 0750 or Less Permissive

    If <code>log_group</code> in <code>/etc/audit/auditd.conf</code> is set to a group other than the <code>root</code> group account, change the mode...
    Rule Medium Severity
  • Audit Configuration Files Must Be Owned By Group root

    All audit configuration files must be owned by group root.
    chown :root /etc/audit/audit*.{rules,conf} /etc/audit/rules.d/*
    Rule Medium Severity
  • Audit Configuration Files Must Be Owned By Root

    All audit configuration files must be owned by root user. To properly set the owner of <code>/etc/audit/</code>, run the command: <pre>$ sudo chow...
    Rule Medium Severity
  • System Audit Logs Must Be Owned By Root

    All audit logs must be owned by root user and group. By default, the path for audit log is <pre>/var/log/audit/</pre>. To properly set the owner o...
    Rule Medium Severity
  • Audit Configuration Files Permissions are 640 or More Restrictive

    All audit configuration files permissions must be 640 or more restrictive.
    chmod 0640 /etc/audit/audit*.{rules,conf} /etc/audit/rules.d/*
    Rule Medium Severity
  • System Audit Logs Must Have Mode 0640 or Less Permissive

    If <code>log_group</code> in <code>/etc/audit/auditd.conf</code> is set to a group other than the <code>root</code> group account, change the mode...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls

    At a minimum, the audit system should collect file permission changes for all users and root. Note that the "-F arch=b32" lines should be present e...
    Group
  • Record Events that Modify the System's Discretionary Access Controls - chmod

    At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - chown

    At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - fchmod

    At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - fchmodat

    At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - fchown

    At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - fchownat

    At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - fremovexattr

    At a minimum, the audit system should collect file permission changes for all users and root. <br><br> If the <code>auditd</code> daemon is configu...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - fsetxattr

    At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - lchown

    At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - lremovexattr

    At a minimum, the audit system should collect file permission changes for all users and root. <br><br> If the <code>auditd</code> daemon is configu...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - lsetxattr

    At a minimum, the audit system should collect file permission changes for all users and root. If the <code>auditd</code> daemon is configured to us...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls - removexattr

    At a minimum, the audit system should collect file permission changes for all users and root. <br><br> If the <code>auditd</code> daemon is configu...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules