Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 7

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Extend Audit Backlog Limit for the Audit Daemon

    To improve the kernel capacity to queue all log events, even those which occurred prior to the audit daemon, add the argument <code>audit_backlog_l...
    Rule Low Severity
  • Configure auditd Rules for Comprehensive Auditing

    The <code>auditd</code> program can perform comprehensive monitoring of system activity. This section describes recommended configuration settings ...
    Group
  • Audit failure mode

    This variable is the setting for the -f option in Audit configuration which sets the failure mode of audit. This option lets you determine how you ...
    Value
  • Record Events that Modify User/Group Information via open syscall - /etc/group

    The audit system should collect write events to /etc/group file for all users and root. If the <code>auditd</code> daemon is configured to use the ...
    Rule Medium Severity
  • Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group

    The audit system should collect write events to /etc/group file for all group and root. If the <code>auditd</code> daemon is configured to use the ...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules