Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Red Hat Virtualization 4

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Disable legacy (BSD) PTY support

    Disable the Linux traditional BSD-like terminal names /dev/ptyxx for masters and /dev/ttyxx for slaves of pseudo terminals, and use only the modern...
    Rule Medium Severity
    Show

  • Enable module signature verification

    Check modules for valid signatures upon load. Note that this option adds the OpenSSL development packages as a kernel build dependency so that the ...
    Rule Medium Severity
    Show

  • Enable automatic signing of all modules

    Sign all modules during make modules_install. Without this option, modules must be signed manually, using the scripts/sign-file tool. The configur...
    Rule Medium Severity
    Show

  • Require modules to be validly signed

    Reject unsigned modules or signed modules with an unknown key. The configuration that was used to build kernel is available at <code>/boot/config-...
    Rule Medium Severity
    Show

  • Specify the hash to use when signing modules

    This configures the kernel to build and sign modules using <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_kernel_config_module_sig_ha...
    Rule Medium Severity
    Show

  • Specify module signing key to use

    Setting this option to something other than its default of <code>certs/signing_key.pem</code> will disable the autogeneration of signing keys and a...
    Rule Medium Severity
    Show

  • net.ipv6.conf.default.forwarding

    Toggle IPv6 default Forwarding
    Value
    Show

  • net.ipv6.conf.default.max_addresses

    Maximum number of autoconfigured IPv6 addresses
    Value
    Show

  • Sign kernel modules with SHA-512

    This configures the kernel to build and sign modules using SHA512 as the hash function. The configuration that was used to build kernel is availab...
    Rule Medium Severity
    Show

  • Enable poison without sanity check

    Skip the sanity checking on alloc, only fill the pages with poison on free. This reduces some of the overhead of the poisoning feature. This config...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules