Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 7

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Verify /boot/grub2/grub.cfg User Ownership

    The file <code>/boot/grub2/grub.cfg</code> should be owned by the <code>root</code> user to prevent destruction or modification of the file. To pr...
    Rule Medium Severity
  • Verify /boot/grub2/user.cfg User Ownership

    The file <code>/boot/grub2/user.cfg</code> should be owned by the <code>root</code> user to prevent reading or modification of the file. To proper...
    Rule Medium Severity
  • Verify /boot/grub2/grub.cfg Permissions

    File permissions for <code>/boot/grub2/grub.cfg</code> should be set to 600. To properly set the permissions of <code>/boot/grub2/grub.cfg</code>,...
    Rule Medium Severity
  • Verify /boot/grub2/user.cfg Permissions

    File permissions for <code>/boot/grub2/user.cfg</code> should be set to 600. To properly set the permissions of <code>/boot/grub2/user.cfg</code>,...
    Rule Medium Severity
  • Set the Boot Loader Admin Username to a Non-Default Value

    The grub2 boot loader should have a superuser account and password protection enabled to protect boot-time settings. <br><br> To maximize the prote...
    Rule High Severity
  • Boot Loader Is Not Installed On Removeable Media

    The system must not allow removable media to be used as the boot loader. Remove alternate methods of booting the system from removable media. <code...
    Rule Medium Severity
  • net.ipv4.conf.default.secure_redirects

    Enable to prevent hijacking of routing path by only allowing redirects from gateways known in routing table. Disable to refuse acceptance of secure...
    Value
  • Verify the UEFI Boot Loader grub.cfg Group Ownership

    The file <code>/boot/efi/EFI/redhat/grub.cfg</code> should be group-owned by the <code>root</code> group to prevent destruction or modification of ...
    Rule Medium Severity
  • Verify /boot/efi/EFI/redhat/user.cfg Group Ownership

    The file <code>/boot/efi/EFI/redhat/user.cfg</code> should be group-owned by the <code>root</code> group to prevent reading or modification of the ...
    Rule Medium Severity
  • Verify the UEFI Boot Loader grub.cfg User Ownership

    The file <code>/boot/efi/EFI/redhat/grub.cfg</code> should be owned by the <code>root</code> user to prevent destruction or modification of the fil...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules