Guide to the Secure Configuration of Red Hat Enterprise Linux 8
Rules, Groups, and Values defined within the XCCDF Benchmark
-
net.ipv6.conf.default.accept_ra_pinfo
Accept prefix information in router advertisements?Value -
net.ipv6.conf.default.accept_ra_rtr_pref
Accept router preference in router advertisements?Value -
Extend Audit Backlog Limit for the Audit Daemon
To improve the kernel capacity to queue all log events, even those which occurred prior to the audit daemon, add the argument <code>audit_backlog_l...Rule Low Severity -
Configure auditd Rules for Comprehensive Auditing
The <code>auditd</code> program can perform comprehensive monitoring of system activity. This section describes recommended configuration settings ...Group -
Audit failure mode
This variable is the setting for the -f option in Audit configuration which sets the failure mode of audit. This option lets you determine how you ...Value -
Record Events that Modify User/Group Information via open syscall - /etc/group
The audit system should collect write events to /etc/group file for all users and root. If the <code>auditd</code> daemon is configured to use the ...Rule Medium Severity -
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group
The audit system should collect write events to /etc/group file for all group and root. If the <code>auditd</code> daemon is configured to use the ...Rule Medium Severity -
Make the auditd Configuration Immutable
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...Rule Medium Severity -
Configure Logwatch HostLimit Line
On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The <co...Rule Unknown Severity -
Record Events that Modify User/Group Information via openat syscall - /etc/group
The audit system should collect write events to /etc/group file for all users and root. If the <code>auditd</code> daemon is configured to use the ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.