Guide to the Secure Configuration of Red Hat Enterprise Linux 8
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Install usbguard Package
Theusbguardpackage can be installed with the following command:$ sudo yum install usbguard
Rule Medium Severity -
Enable the USBGuard Service
The USBGuard service should be enabled. The <code>usbguard</code> service can be enabled with the following command: <pre>$ sudo systemctl enable ...Rule Medium Severity -
Log USBGuard daemon audit events using Linux Audit
To configure USBGuard daemon to log via Linux Audit (as opposed directly to a file), <code>AuditBackend</code> option in <code>/etc/usbguard/usbgua...Rule Low Severity -
Authorize Human Interface Devices in USBGuard daemon
To allow authorization of Human Interface Devices (keyboard, mouse) by USBGuard daemon, add the line <code>allow with-interface match-all { 03:*:* ...Rule Medium Severity -
Authorize Human Interface Devices and USB hubs in USBGuard daemon
To allow authorization of USB devices combining human interface device and hub capabilities by USBGuard daemon, add the line <code>allow with-inter...Rule Medium Severity -
Authorize USB hubs in USBGuard daemon
To allow authorization of USB hub devices by USBGuard daemon, add line <code>allow with-interface match-all { 09:00:* }</code> to <code>/etc/usbgua...Rule Medium Severity -
Generate USBGuard Policy
By default USBGuard when enabled prevents access to all USB devices and this lead to inaccessible system if they use USB mouse/keyboard. To prevent...Rule Medium Severity -
X Window System
The X Window System implementation included with the system is called X.org.Group -
Disable X Windows
Unless there is a mission-critical reason for the system to run a graphical user interface, ensure X is not set to start automatically at boot and ...Group -
Remove the X Windows Package Group
By removing the xorg-x11-server-common package, the system no longer has X Windows installed. If X Windows is not installed then the system cannot ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules