Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure that System Accounts Are Locked

    Some accounts are not associated with a human user of the system, and exist to perform some administrative functions. An attacker should not be abl...
    Rule Medium Severity
  • Restrict Web Browser Use for Administrative Accounts

    Enforce policy requiring administrative accounts use web browsers only for local service administration.
    Rule Unknown Severity
  • Ensure that System Accounts Do Not Run a Shell Upon Login

    Some accounts are not associated with a human user of the system, and exist to perform some administrative functions. Should an attacker be able to...
    Rule Medium Severity
  • Restrict Serial Port Root Logins

    To restrict root logins on serial ports, ensure lines of this form do not appear in /etc/securetty:
    ttyS0
    ttyS1
    Rule Medium Severity
  • Root Path Must Be Vendor Default

    Assuming root shell is bash, edit the following files: <pre>~/.profile</pre> <pre>~/.bashrc</pre> Change any <code>PATH</code> variables to the ven...
    Rule Unknown Severity
  • Restrict Virtual Console Root Logins

    To restrict root logins through the (deprecated) virtual console devices, ensure lines of this form do not appear in <code>/etc/securetty</code>: <...
    Rule Medium Severity
  • Enforce usage of pam_wheel for su authentication

    To ensure that only users who are members of the <code>wheel</code> group can run commands with altered privileges through the <code>su</code> comm...
    Rule Medium Severity
  • net.ipv6.conf.all.router_solicitations

    Accept all router solicitations?
    Value
  • Ensure the Default Bash Umask is Set Correctly

    To ensure the default umask for users of the Bash shell is set properly, add or correct the <code>umask</code> setting in <code>/etc/bashrc</code> ...
    Rule Medium Severity
  • Secure Session Configuration Files for Login Accounts

    When a user logs into a Unix account, the system configures the user's session by reading a number of files. Many of these files are located in the...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules