Skip to content
Log In

Guide to the Secure Configuration of Red Hat Enterprise Linux 8

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Firewalld Must Employ a Deny-all, Allow-by-exception Policy for Allowing Connections to Other Systems

    Red Hat Enterprise Linux 8 incorporates the "firewalld" daemon, which allows for many different configurations. One of these configurations is zones. Zones can be utilized to a deny-all, allow-by-e...
    Rule Medium Severity
    Show

  • Set Default firewalld Zone for Incoming Packets

    To set the default zone to <code>drop</code> for the built-in default zone which processes incoming IPv4 and IPv6 packets, modify the following line in <code>/etc/firewalld/firewalld.conf</code> to...
    Rule Medium Severity
    Show

  • IPSec Support

    Support for Internet Protocol Security (IPsec) is provided with Libreswan.
    Group
    Show

  • Install libreswan Package

    The libreswan package provides an implementation of IPsec and IKE, which permits the creation of secure tunnels over untrusted networks. The <code>libreswan</code> package can be installed with the...
    Rule Medium Severity
    Show

  • Verify Any Configured IPSec Tunnel Connections

    Libreswan provides an implementation of IPsec and IKE, which permits the creation of secure tunnels over untrusted networks. As such, IPsec can be used to circumvent certain network requirements su...
    Rule Medium Severity
    Show

  • Install iptables-services Package

    The iptables-services package can be installed with the following command: 
    $ sudo yum install iptables-services
    Rule Medium Severity
    Show

  • Install iptables Package

    The iptables package can be installed with the following command: 
    $ sudo yum install iptables
    Rule Medium Severity
    Show

  • net.ipv4.tcp_rfc1337

    Enable to enable TCP behavior conformant with RFC 1337
    Value
    Show

  • net.ipv4.tcp_syncookies

    Enable to turn on TCP SYN Cookie Protection
    Value
    Show

  • Verify ip6tables Enabled if Using IPv6

    The ip6tables service can be enabled with the following command: 
    $ sudo systemctl enable ip6tables.service
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules