Guide to the Secure Configuration of Red Hat Enterprise Linux 7
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Kernel GCC plugin configuration
Contains rules that check the configuration of GCC plugins used by the compilerGroup -
Configure Syslog
The syslog service has been the default Unix logging mechanism for many years. It has a number of downsides, including inconsistent log format, lac...Group -
Ensure rsyslog-gnutls is installed
TLS protocol support for rsyslog is installed. The <code>rsyslog-gnutls</code> package can be installed with the following command: <pre> $ sudo y...Rule Medium Severity -
Ensure rsyslog is Installed
Rsyslog is installed by default. Thersyslogpackage can be installed with the following command:$ sudo yum install rsyslog
Rule Medium Severity -
Enable rsyslog Service
The <code>rsyslog</code> service provides syslog-style logging by default on Red Hat Enterprise Linux 7. The <code>rsyslog</code> service can be e...Rule Medium Severity -
Disable Logwatch on Clients if a Logserver Exists
Does your site have a central logserver which has been configured to report on logs received from all systems? If so: <pre>$ sudo rm /etc/cron.dail...Rule Unknown Severity -
Ensure rsyslog Default File Permissions Configured
rsyslog will create logfiles that do not already exist on the system. This settings controls what permissions will be applied to these newly create...Rule Medium Severity -
Configure Logwatch on the Central Log Server
Is this system the central log server? If so, edit the file/etc/logwatch/conf/logwatch.confas shown below.Group -
Configure Logwatch HostLimit Line
On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The <co...Rule Unknown Severity -
Configure Logwatch SplitHosts Line
If <code>SplitHosts</code> is set, Logwatch will separate entries by hostname. This makes the report longer but significantly more usable. If it is...Rule Unknown Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules