Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 7

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Uninstall nginx Package

    The nginx package can be removed with the following command:
    $ sudo yum erase nginx
    Rule Unknown Severity
  • Configure firewall to Allow Access to the Web Server

    By default, <code>firewalld</code> blocks access to the ports used by the web server. To configure <code>firewalld</code> to allow <code>http</co...
    Rule Low Severity
  • Allow IMAP Clients to Access the Server

    The default <code>firewalld</code> configuration does not allow inbound access to any services. This modification will allow remote hosts to initi...
    Group
  • Uninstall cyrus-imapd Package

    The cyrus-imapd package can be removed with the following command:
    $ sudo yum erase cyrus-imapd
    Rule Unknown Severity
  • 389 Directory Server

    389 Directory Server is a popular open-source LDAP server for Linux.
    Group
  • Enable SSH Server firewalld Firewall Exception

    If the SSH server is in use, inbound connections to SSH's port should be allowed to permit remote access through SSH. In more restrictive firewalld...
    Rule Medium Severity
  • Use Only Strong MACs

    Limit the MACs to strong hash algorithms. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of those MACs: <pre>MACs <xccdf-...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules