Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 7

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Disable netfs if Possible

    To determine if any network filesystems handled by netfs are currently mounted on the system execute the following command: <pre>$ mount -t nfs,nfs...
    Group
  • Disable Network File Systems (netfs)

    The netfs script manages the boot-time mounting of several types of networked filesystems, of which NFS and Samba are the most common. If these fil...
    Rule Unknown Severity
  • Disable Services Used Only by NFS

    If NFS is not needed, disable the NFS client daemons nfslock, rpcgssd, and rpcidmapd. <br><br> All of these daemons run with elevated privileges, a...
    Group
  • Uninstall rpcbind Package

    The rpcbind utility maps RPC services to the ports on which they listen. RPC processes notify rpcbind when they start, registering the ports they a...
    Rule Low Severity
  • Disable Network File System Lock Service (nfslock)

    The Network File System Lock (nfslock) service starts the required remote procedure call (RPC) processes which allow clients to lock files on the s...
    Rule Unknown Severity
  • Disable rpcbind Service

    The rpcbind utility maps RPC services to the ports on which they listen. RPC processes notify rpcbind when they start, registering the ports they a...
    Rule Low Severity
  • Disable Secure RPC Client Service (rpcgssd)

    The rpcgssd service manages RPCSEC GSS contexts required to secure protocols that use RPC (most often Kerberos and NFS). The rpcgssd service is the...
    Rule Unknown Severity
  • Disable RPC ID Mapping Service (rpcidmapd)

    The rpcidmapd service is used to map user names and groups to UID and GID numbers on NFSv4 mounts. If NFS is not in use on the local system then th...
    Rule Unknown Severity
  • Make Each System a Client or a Server, not Both

    If NFS must be used, it should be deployed in the simplest configuration possible to avoid maintainability problems which may lead to unnecessary s...
    Group
  • Configure NFS Services to Use Fixed Ports (NFSv3 and NFSv2)

    Firewalling should be done at each host and at the border firewalls to protect the NFS daemons from remote access, since NFS servers should never b...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules