Guide to the Secure Configuration of Red Hat Enterprise Linux 8
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Drop Gratuitious ARP frames on All IPv4 Interfaces
To set the runtime status of the <code>net.ipv4.conf.all.drop_gratuitous_arp</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv4.conf.all.drop_gratuitous_arp=1</pre> ...Rule Medium Severity -
Disable Kernel Parameter for IPv4 Forwarding on all IPv4 Interfaces
To set the runtime status of the <code>net.ipv4.conf.all.forwarding</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv4.conf.all.forwarding=0</pre> To make sure that ...Rule Medium Severity -
Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces
To set the runtime status of the <code>net.ipv4.conf.all.log_martians</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv4.conf.all.log_martians=1</pre> To make sure t...Rule Unknown Severity -
Disable the CUPS Service
Thecupsservice can be disabled with the following command:$ sudo systemctl mask --now cups.service
Rule Unknown Severity -
Disable Squid if Possible
If Squid was installed and activated, but the system does not need to act as a proxy server, then it should be disabled and removed.Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules