Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 7

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure Privileged Escalated Commands Cannot Execute Other Commands - sudo NOEXEC

    The sudo <code>NOEXEC</code> tag, when specified, prevents user executed commands from executing other commands, like a shell for example. This sho...
    Rule High Severity
  • Ensure sudo passwd_timeout is appropriate - sudo passwd_timeout

    The sudo <code>passwd_timeout</code> tag sets the amount of time sudo password prompt waits. On Red Hat Enterprise Linux 7, the default <code>passw...
    Rule Medium Severity
  • Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo requiretty

    The sudo <code>requiretty</code> tag, when specified, will only execute sudo commands from users logged in to a real tty. This should be enabled by...
    Rule Medium Severity
  • Ensure sudo umask is appropriate - sudo umask

    The sudo <code>umask</code> tag, when specified, will be added the to the user's umask in the command environment. On Red Hat Enterprise Linux 7, t...
    Rule Medium Severity
  • Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty

    The sudo <code>use_pty</code> tag, when specified, will only execute sudo commands from users logged in to a real tty. This should be enabled by ma...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules