Guide to the Secure Configuration of Red Hat Enterprise Linux 7
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Disable URL Correction on Misspelled Entries
The <code>speling</code> module attempts to find a document match by allowing one misspelling in an otherwise failed request. If this functionality...Rule Unknown Severity -
Disable WebDAV (Distributed Authoring and Versioning)
WebDAV is an extension of the HTTP protocol that provides distributed and collaborative access to web content. If its functionality is unnecessary,...Rule Unknown Severity -
Minimize Modules for HTTP Basic Authentication
The following modules are necessary if this web server will provide content that will be restricted by a password. <br><br> Authentication can be p...Group -
Disable Plaintext Authentication
To prevent Dovecot from attempting plaintext authentication of clients, edit <code>/etc/dovecot/conf.d/10-auth.conf</code> and add\or correct the f...Rule Unknown Severity -
Minimize Configuration Files Included
The <code>Include</code> directive directs <code>httpd</code> to load supplementary configuration files from a provided path. The default configura...Group -
Minimize Various Optional Components
The following modules perform very specific tasks, sometimes providing access to just a few additional directives. If such functionality is not req...Group -
Use Appropriate Modules to Improve httpd's Security
Among the modules available for <code>httpd</code> are several whose use may improve the security of the web server installation. This section reco...Group -
Deploy mod_security
The <code>security</code> module provides an application level firewall for <code>httpd</code>. Following its installation with the base ruleset, s...Group -
Install mod_security
Install the <code>security</code> module: The <code>mod_security</code> package can be installed with the following command: <pre> $ sudo yum insta...Rule Unknown Severity -
Deploy mod_ssl
Because HTTP is a plain text protocol, all traffic is susceptible to passive monitoring. If there is a need for confidentiality, SSL should be conf...Group -
Enable Transport Layer Security (TLS) Encryption
Disable old SSL and TLS version and enable the latest TLS encryption by setting the following in <code>/etc/httpd/conf.modules.d/ssl.conf</code>: <...Rule Medium Severity -
Configure A Valid Server Certificate
Configure the web site to use a valid organizationally defined certificate. For DoD, this is a DoD server certificate issued by the DoD CA.Rule Medium Severity -
Install mod_ssl
Install the <code>mod_ssl</code> module: The <code>mod_ssl</code> package can be installed with the following command: <pre> $ sudo yum install mod...Rule Unknown Severity -
Require Client Certificates
<code>SSLVerifyClient</code> should be set and configured to <code>require</code> by setting the following in <code>/etc/httpd/conf/httpd.conf</cod...Rule Medium Severity -
Restrict Web Server Information Leakage
The <code>ServerTokens</code> and <code>ServerSignature</code> directives determine how much information the web server discloses about the configu...Group -
Set httpd ServerSignature Directive to Off
<code>ServerSignature Off</code> restricts <code>httpd</code> from displaying server version number on error pages. <br><br> Add or correct the fol...Rule Unknown Severity -
Set httpd ServerTokens Directive to Prod
<code>ServerTokens Prod</code> restricts information in page headers, returning only the word "Apache." <br><br> Add or correct the following direc...Rule Unknown Severity -
Configure HTTPD-Served Web Content Securely
Running <code>httpd</code> inside a <code>chroot</code> jail is designed to isolate the web server process to a small section of the filesystem, li...Group -
Web Login Banner Verbiage
Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\n' character and special characters ...Value -
Configure A Banner Page For Each Website
Configure a login banner for each website when authentication is required for user access.Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.