Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Enable the nfs_export_all_ro SELinux Boolean

    By default, the SELinux boolean <code>nfs_export_all_ro</code> is enabled. If this setting is disabled, it should be enabled as it allows NFS to ex...
    Rule Medium Severity
  • Enable the nfs_export_all_rw SELinux Boolean

    By default, the SELinux boolean <code>nfs_export_all_rw</code> is enabled. If this setting is disabled, it should be enabled as it allows NFS to ex...
    Rule Medium Severity
  • Configure the CUPS Service if Necessary

    CUPS provides the ability to easily share local printers with other systems over the network. It does this by allowing systems to share lists of av...
    Group
  • Uninstall squid Package

    The squid package can be removed with the following command:
     $ sudo yum erase squid
    Rule Unknown Severity
  • Disable Squid

    The squid service can be disabled with the following command:
    $ sudo systemctl mask --now squid.service
    Rule Unknown Severity
  • Remote Authentication Dial-In User Service (RADIUS)

    Remote Authentication Dial-In User Service (RADIUS) is a networking protocol, operating on port 1812 that provides centralized Authentication, Auth...
    Group
  • Remove the FreeRadius Server Package

    The <code>freeradius</code> package should be removed if not in use. Is this system a RADIUS server? If not, remove the package. The <code>freeradi...
    Rule Low Severity
  • Hardware RNG Entropy Gatherer Daemon

    The rngd feeds random data from hardware device to kernel random device.
    Group
  • Enable the Hardware RNG Entropy Gatherer Service

    The Hardware RNG Entropy Gatherer service should be enabled. The <code>rngd</code> service can be enabled with the following command: <pre>$ sudo ...
    Rule Low Severity
  • Disable the nfsd_anon_write SELinux Boolean

    By default, the SELinux boolean <code>nfsd_anon_write</code> is disabled. If this setting is enabled, it should be disabled. To disable the <code>...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules