Skip to content
Log In

Guide to the Secure Configuration of Red Hat Enterprise Linux 7

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Enable Transport Layer Security (TLS) Encryption

    Disable old SSL and TLS version and enable the latest TLS encryption by setting the following in <code>/etc/httpd/conf.modules.d/ssl.conf</code>: <pre>SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<...
    Rule Medium Severity
    Show

  • Configure A Valid Server Certificate

    Configure the web site to use a valid organizationally defined certificate. For DoD, this is a DoD server certificate issued by the DoD CA.
    Rule Medium Severity
    Show

  • Install mod_ssl

    Install the mod_ssl module: The mod_ssl package can be installed with the following command: 
    $ sudo yum install mod_ssl
    Rule Unknown Severity
    Show

  • Require Client Certificates

    SSLVerifyClient should be set and configured to require by setting the following in /etc/httpd/conf/httpd.conf: 
    SSLVerifyClient require
    Rule Medium Severity
    Show

  • Restrict Web Server Information Leakage

    The ServerTokens and ServerSignature directives determine how much information the web server discloses about the configuration of the system.
    Group
    Show

  • Set httpd ServerSignature Directive to Off

    <code>ServerSignature Off</code> restricts <code>httpd</code> from displaying server version number on error pages. <br><br> Add or correct the following directive in <code>/etc/httpd/conf/httpd.co...
    Rule Unknown Severity
    Show

  • Set httpd ServerTokens Directive to Prod

    <code>ServerTokens Prod</code> restricts information in page headers, returning only the word "Apache." <br><br> Add or correct the following directive in <code>/etc/httpd/conf/httpd.conf</code>: <...
    Rule Unknown Severity
    Show

  • Configure HTTPD-Served Web Content Securely

    Running <code>httpd</code> inside a <code>chroot</code> jail is designed to isolate the web server process to a small section of the filesystem, limiting the damage if it is compromised. Versions o...
    Group
    Show

  • Web Login Banner Verbiage

    Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\n' character and special characters like parentheses and quotation marks must be escap...
    Value
    Show

  • Configure A Banner Page For Each Website

    Configure a login banner for each website when authentication is required for user access.
    Rule Low Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules