Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 7

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure auditd Collects Information on the Use of Privileged Commands - usermod

    At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is con...
    Rule Medium Severity
  • Type of hostname to record the audit event

    Type of hostname to record the audit event
    Value
  • Set type of computer node name logging in audit logs

    To configure Audit daemon to use a unique identifier as computer node name in the audit events, set <code>name_format</code> to <code><xccdf-1.2:su...
    Rule Medium Severity
  • Restrict unprivileged access to the kernel syslog

    Enforce restrictions on unprivileged users reading the kernel syslog via dmesg(8). The configuration that was used to build kernel is available at...
    Rule Medium Severity
  • Ensure Log Files Are Owned By Appropriate Group

    The group-owner of all log files written by <code>rsyslog</code> should be <code>root</code>. These log files are determined by the second part of ...
    Rule Medium Severity
  • Install systemd-journal-remote Package

    Journald (via systemd-journal-remote ) supports the ability to send log events it gathers to a remote log host or to receive messages from remote h...
    Rule Medium Severity
  • Disable systemd-journal-remote Socket

    Journald supports the ability to receive messages from remote hosts, thus acting as a log server. Clients should not receive data from other hosts....
    Rule Medium Severity
  • Dectivate firewalld Rules

    Firewalls can be used to separate networks into different zones based on the level of trust the user has decided to place on the devices and traffi...
    Group
  • Ensure nftables Default Deny Firewall Policy

    Base chain policy is the default verdict that will be applied to packets reaching the end of the chain. There are two policies: accept (Default) an...
    Rule Medium Severity
  • Ensure Base Chains Exist for Nftables

    Tables in nftables hold chains. Each table only has one address family and only applies to packets of this family. Tables can have one of six famil...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules