Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 7

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Remove the Kerberos Server Package

    The <code>krb5-server</code> package should be removed if not in use. Is this system the Kerberos server? If not, remove the package. The <code>krb...
    Rule Medium Severity
  • Disable Kerberos by removing host keytab

    Kerberos is not an approved key distribution method for Common Criteria. To prevent using Kerberos by system daemons, remove the Kerberos keytab fi...
    Rule Medium Severity
  • LDAP

    LDAP is a popular directory service, that is, a standardized way of looking up information from a central database. Red Hat Enterprise Linux 7 incl...
    Group
  • Configure OpenLDAP Clients

    This section provides information on which security settings are important to configure in OpenLDAP clients by manually editing the appropriate con...
    Group
  • Ensure LDAP client is not installed

    The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from a central database. The <code>...
    Rule Low Severity
  • Enable the LDAP Client For Use in Authconfig

    To determine if LDAP is being used for authentication, use the following command: <pre>$ sudo grep -i useldapauth /etc/sysconfig/authconfig</pre> <...
    Rule Medium Severity
  • Configure LDAP Client to Use TLS For All Transactions

    This check verifies cryptography has been implemented to protect the integrity of remote LDAP authentication sessions. <br><br> To determine if LDA...
    Rule Medium Severity
  • Configure Certificate Directives for LDAP Use of TLS

    Ensure a copy of a trusted CA certificate has been placed in the file <code>/etc/pki/tls/CA/cacert.pem</code>. Configure LDAP to enforce TLS use an...
    Rule Medium Severity
  • Configure OpenLDAP Server

    This section details some security-relevant settings for an OpenLDAP server. Installation and configuration of OpenLDAP on Red Hat Enterprise Linu...
    Group
  • Uninstall openldap-servers Package

    The openldap-servers package is not installed by default on a Red Hat Enterprise Linux 7 system. It is needed only by the OpenLDAP server, not by t...
    Rule Low Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules