Skip to content
Log In

Guide to the Secure Configuration of Red Hat Enterprise Linux 7

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Read Sections Completely and in Order

    Each section may build on information and recommendations discussed in prior sections. Each section should be read and understood completely; instructions should never be blindly applied. Relevant ...
    Group
    Show

  • Reboot Required

    A system reboot is implicitly required after some actions in order to complete the reconfiguration of the system. In many cases, the changes will not take effect until a reboot is performed. In ord...
    Group
    Show

  • Root Shell Environment Assumed

    Most of the actions listed in this document are written with the assumption that they will be executed by the root user running the <code>/bin/bash</code> shell. Commands preceded with a hash mark ...
    Group
    Show

  • Test in Non-Production Environment

    This guidance should always be tested in a non-production environment before deployment. This test environment should simulate the setup in which the system will be deployed as closely as possible.
    Group
    Show

  • Disable ypserv Service

    The <code>ypserv</code> service, which allows the system to act as a client in a NIS or NIS+ domain, should be disabled. The <code>ypserv</code> service can be disabled with the following command:...
    Rule Medium Severity
    Show

  • SSH Strong MACs by FIPS

    Specify the FIPS approved MACs (Message Authentication Code) algorithms that are used for data integrity protection by the SSH server.
    Value
    Show

  • Remove SSH Server firewalld Firewall exception (Unusual)

    By default, inbound connections to SSH's port are allowed. If the SSH server is not being used, this exception should be removed from the firewall configuration. <br><br> To configure <code>firewa...
    Rule Unknown Severity
    Show

  • Verify File Hashes with RPM

    Without cryptographic integrity protections, system executables and files can be altered by unauthorized users without detection. The RPM package management system can check the hashes of installed...
    Rule High Severity
    Show

  • Verify and Correct File Permissions with RPM

    The RPM package management system can check file access permissions of installed software packages, including many that are important to system security. Verify that the file permissions of system ...
    Rule High Severity
    Show

  • Ensure /dev/shm is configured

    The <code>/dev/shm</code> is a traditional shared memory concept. One program will create a memory portion, which other processes (if permitted) can access. If <code>/dev/shm</code> is not configur...
    Rule Low Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules