Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 7

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Use Only FIPS 140-2 Validated Ciphers

    Limit the ciphers to those algorithms which are FIPS-approved. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of FIPS-app...
    Rule Medium Severity
  • Use Only FIPS 140-2 Validated Key Exchange Algorithms

    Limit the key exchange algorithms to those which are FIPS-approved. Add or modify the following line in <code>/etc/ssh/sshd_config</code> <pre>Kex...
    Rule Medium Severity
  • Use Only FIPS 140-2 Validated MACs

    Limit the MACs to those hash algorithms which are FIPS-approved. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of FIPS-a...
    Rule Medium Severity
  • Use Only FIPS 140-2 Validated MACs

    Limit the MACs to those hash algorithms which are FIPS-approved. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of FIPS-a...
    Rule Medium Severity
  • Enable Use of Privilege Separation

    When enabled, SSH will create an unprivileged child process that has the privilege of the authenticated user. To enable privilege separation in SSH...
    Rule Medium Severity
  • Use Only Strong Ciphers

    Limit the ciphers to strong algorithms. Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode. The following line in <code>/et...
    Rule Medium Severity
  • Use Only Strong Key Exchange algorithms

    Limit the Key Exchange to strong algorithms. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of those: <pre>KexAlgorithms ...
    Rule Medium Severity
  • Prevent remote hosts from connecting to the proxy display

    The SSH daemon should prevent remote hosts from connecting to the proxy display. <br> The default SSH configuration for <code>X11UseLocalhost</code...
    Rule Medium Severity
  • Strengthen Firewall Configuration if Possible

    If the SSH server is expected to only receive connections from the local network, then strengthen the default firewall rule for the SSH service to ...
    Group
  • System Security Services Daemon

    The System Security Services Daemon (SSSD) is a system daemon that provides access to different identity and authentication providers such as Red H...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules