Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Red Hat Enterprise Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Mount Remote Filesystems with Restrictive Options

    Edit the file <code>/etc/fstab</code>. For each filesystem whose type (column 3) is <code>nfs</code> or <code>nfs4</code>, add the text <code>,node...
    Group
    Show

  • Mount Remote Filesystems with Kerberos Security

    Add the <code>sec=krb5:krb5i:krb5p</code> option to the fourth column of <code>/etc/fstab</code> for the line which controls mounting of any NFS mo...
    Rule Medium Severity
    Show

  • Mount Remote Filesystems with nodev

    Add the nodev option to the fourth column of /etc/fstab for the line which controls mounting of any NFS mounts.
    Rule Medium Severity
    Show

  • Mount Remote Filesystems with noexec

    Add the noexec option to the fourth column of /etc/fstab for the line which controls mounting of any NFS mounts.
    Rule Medium Severity
    Show

  • Mount Remote Filesystems with nosuid

    Add the nosuid option to the fourth column of /etc/fstab for the line which controls mounting of any NFS mounts.
    Rule Medium Severity
    Show

  • Configure NFS Servers

    The steps in this section are appropriate for systems which operate as NFS servers.
    Group
    Show

  • Ensure All-Squashing Disabled On All Exports

    The <code>all_squash</code> maps all uids and gids to an anonymous user. This should be disabled by removing any instances of the <code>all_squash<...
    Rule Low Severity
    Show

  • Ensure Insecure File Locking is Not Allowed

    By default the NFS server requires secure file-lock requests, which require credentials from the client in order to lock a file. Most NFS clients s...
    Rule Medium Severity
    Show

  • Restrict NFS Clients to Privileged Ports

    By default, the server NFS implementation requires that all client requests be made from ports less than 1024. If your organization has control ove...
    Rule Unknown Severity
    Show

  • Use Kerberos Security on All Exports

    Using Kerberos on all exported mounts prevents a malicious client or user from impersonating a system user. To cryptography authenticate users to t...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules