Guide to the Secure Configuration of Red Hat Enterprise Linux 8
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Disable ntpdate Service (ntpdate)
The <code>ntpdate</code> service sets the local hardware clock by polling NTP servers when the system boots. It synchronizes to the NTP servers lis...Rule Low Severity -
Disable Odd Job Daemon (oddjobd)
The <code>oddjobd</code> service exists to provide an interface and access control mechanism through which specified privileged tasks can run tasks...Rule Medium Severity -
Disable Portreserve (portreserve)
The <code>portreserve</code> service is a TCP port reservation utility that can be used to prevent portmap from binding to well known TCP ports tha...Rule Low Severity -
Disable Apache Qpid (qpidd)
The <code>qpidd</code> service provides high speed, secure, guaranteed delivery services. It is an implementation of the Advanced Message Queuing ...Rule Low Severity -
Disable Quota Netlink (quota_nld)
The <code>quota_nld</code> service provides notifications to users of disk space quota violations. It listens to the kernel via a netlink socket fo...Rule Low Severity -
Disable Network Router Discovery Daemon (rdisc)
The <code>rdisc</code> service implements the client side of the ICMP Internet Router Discovery Protocol (IRDP), which allows discovery of routers ...Rule Medium Severity -
Disable Red Hat Network Service (rhnsd)
The Red Hat Network service automatically queries Red Hat Network servers to determine whether there are any actions that should be executed, such ...Rule Low Severity -
Disable Red Hat Subscription Manager Daemon (rhsmcertd)
The Red Hat Subscription Manager (rhsmcertd) periodically checks for changes in the entitlement certificates for a registered system and updates it...Rule Low Severity -
Disable Cyrus SASL Authentication Daemon (saslauthd)
The <code>saslauthd</code> service handles plaintext authentication requests on behalf of the SASL library. The service isolates all code requiring...Rule Low Severity -
Disable System Statistics Reset Service (sysstat)
The <code>sysstat</code> service resets various I/O and CPU performance statistics to zero in order to begin counting from a fresh state at boot ti...Rule Low Severity -
Cron and At Daemons
The cron and at services are used to allow commands to be executed at a later time. The cron service is required by almost all systems to perform n...Group -
Install the cron service
The Cron service should be installed.Rule Medium Severity -
Enable cron Service
The <code>crond</code> service is used to execute commands at preconfigured times. It is required by almost all systems to perform necessary mainte...Rule Medium Severity -
Enable cron Service
The <code>crond</code> service is used to execute commands at preconfigured times. It is required by almost all systems to perform necessary mainte...Rule Medium Severity -
Disable At Service (atd)
The <code>at</code> and <code>batch</code> commands can be used to schedule tasks that are meant to be executed only once. This allows delayed exec...Rule Medium Severity -
Disable anacron Service
The <code>cronie-anacron</code> package, which provides <code>anacron</code> functionality, is installed by default. The <code>cronie-anacron</cod...Rule Unknown Severity -
Verify Group Who Owns cron.d
To properly set the group owner of/etc/cron.d, run the command:$ sudo chgrp root /etc/cron.d
Rule Medium Severity -
Verify Group Who Owns cron.daily
To properly set the group owner of/etc/cron.daily, run the command:$ sudo chgrp root /etc/cron.daily
Rule Medium Severity -
Verify Group Who Owns cron.hourly
To properly set the group owner of/etc/cron.hourly, run the command:$ sudo chgrp root /etc/cron.hourly
Rule Medium Severity -
Verify Group Who Owns cron.monthly
To properly set the group owner of/etc/cron.monthly, run the command:$ sudo chgrp root /etc/cron.monthly
Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.