Skip to content
Log In

Guide to the Secure Configuration of Red Hat Enterprise Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Network Configuration and Firewalls

    Most systems must be connected to a network of some sort, and this brings with it the substantial risk of network attack. This section discusses the security impact of decisions about networking wh...
    Group
    Show

  • Configure Multiple DNS Servers in /etc/resolv.conf

    Determine whether the system is using local or DNS name resolution with the following command: <pre>$ sudo grep hosts /etc/nsswitch.conf hosts: files dns</pre> If the DNS entry is missing from the...
    Rule Medium Severity
    Show

  • Ensure System is Not Acting as a Network Sniffer

    The system should not be acting as a network sniffer, which can capture all traffic on the network to which it is connected. Run the following to determine if any interface is running in promiscuou...
    Rule Medium Severity
    Show

  • firewalld

    The dynamic firewall daemon <code>firewalld</code> provides a dynamically managed firewall with support for network “zones” to assign a level of trust to a network and its associated connections an...
    Group
    Show

  • Configure Firewalld to Use the Nftables Backend

    Firewalld can be configured with many backends, such as nftables.
    Rule Medium Severity
    Show

  • Ensure network interfaces are assigned to appropriate zone

    Firewall zones define the trust level of network connections or interfaces. Note: Changing firewall settings while connected over network can result in being locked out of the system.
    Rule Medium Severity
    Show

  • Inspect and Activate Default firewalld Rules

    Firewalls can be used to separate networks into different zones based on the level of trust the user has decided to place on the devices and traffic within that network. <code>NetworkManager</code>...
    Group
    Show

  • Install firewalld Package

    The firewalld package can be installed with the following command: 
    $ sudo yum install firewalld
    Rule Medium Severity
    Show

  • Verify firewalld Enabled

    The firewalld service can be enabled with the following command: 
    $ sudo systemctl enable firewalld.service
    Rule Medium Severity
    Show

  • net.ipv4.tcp_invalid_ratelimit

    Configure the maximal rate for sending duplicate acknowledgments in response to incoming invalid TCP packets.
    Value
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules