Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Red Hat Virtualization 4

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Network Parameters for Hosts Only

    If the system is not going to be used as a router, then setting certain kernel parameters ensure that the host will not perform routing of network ...
    Group
    Show

  • Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces

    To set the runtime status of the <code>net.ipv4.conf.all.send_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w n...
    Rule Medium Severity
    Show

  • Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default

    To set the runtime status of the <code>net.ipv4.conf.default.send_redirects</code> kernel parameter, run the following command: <pre>$ sudo sysctl ...
    Rule Medium Severity
    Show

  • Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces

    To set the runtime status of the <code>net.ipv4.ip_forward</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv4.ip_fo...
    Rule Medium Severity
    Show

  • nftables

    <code>If firewalld or iptables are being used in your environment, please follow the guidance in their respective section and pass-over the guidanc...
    Group
    Show

  • Nftables Base Chain Hooks

    The possible hooks which can be used to configure the base chain are: <code>ingress</code> (only in netdev family since Linux kernel 4.2, and inet ...
    Value
    Show

  • Nftables Chain Names

    The rules in nftables are attached to chains. Unlike in iptables, there are no predefined chains like INPUT, OUTPUT, etc. Instead, to filter pack...
    Value
    Show

  • Nftables Base Chain Policies

    This is the default verdict that will be applied to packets reaching the end of the chain (i.e, no more rules to be evaluated against). Currently ...
    Value
    Show

  • cron_system_cronjob_use_shares SELinux Boolean

    default - Default SELinux boolean setting.
    on - SELinux boolean is enabled.
    off - SELinux boolean is disabled.
    Value
    Show

  • Verify Permissions on Important Files and Directories

    Permissions for many files on a system must be set restrictively to ensure sensitive information is properly protected. This section discusses impo...
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules