Guide to the Secure Configuration of Red Hat Enterprise Linux 8
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Install the SSSD Package
The <code>sssd</code> package should be installed. The <code>sssd</code> package can be installed with the following command: <pre> $ sudo yum inst...Rule Medium Severity -
Enable the SSSD Service
The SSSD service should be enabled. The <code>sssd</code> service can be enabled with the following command: <pre>$ sudo systemctl enable sssd.ser...Rule Medium Severity -
Certificate status checking in SSSD
Multifactor solutions that require devices separate from information systems gaining access include, for example, hardware tokens providing time-ba...Rule Medium Severity -
Enable Certmap in SSSD
SSSD should be configured to verify the certificate of the user or group. To set this up ensure that section like <code>certmap/testing.test/rule_...Rule Medium Severity -
Configure PAM in SSSD Services
SSSD should be configured to run SSSD <code>pam</code> services. To configure SSSD to known SSH hosts, add <code>pam</code> to <code>services</code...Rule Medium Severity -
Enable Smartcards in SSSD
SSSD should be configured to authenticate access to the system using smart cards. To enable smart cards in SSSD, set <code>pam_cert_auth</code> to ...Rule Medium Severity -
Configure SSSD LDAP Backend Client to Demand a Valid Certificate from the Server
Configure SSSD to demand a valid certificate from the server to protect the integrity of LDAP remote access sessions by setting the <pre>ldap_tls_r...Rule Medium Severity -
Root Shell Environment Assumed
Most of the actions listed in this document are written with the assumption that they will be executed by the root user running the <code>/bin/bash...Group -
SSSD Has a Correct Trust Anchor
SSSD must have acceptable trust anchor present.Rule Medium Severity -
Configure SSSD's Memory Cache to Expire
SSSD's memory cache should be configured to set to expire records after <code><xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_sssd_mem...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules