Guide to the Secure Configuration of Red Hat Enterprise Linux 9
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Ensure auditd Collects Information on the Use of Privileged Commands - kmod
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - mount
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - newgrp
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - postqueue
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Configure immutable Audit login UIDs
Configure kernel to prevent modification of login UIDs once they are set. Changing login UIDs while this configuration is enforced requires special capabilities which are not available to unprivile...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - sudo
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - umount
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - unix_update
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - usermod
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program...Rule Medium Severity -
Record attempts to alter time through adjtimex
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <cod...Rule Medium Severity -
Configure auditd Data Retention
The audit system writes data to <code>/var/log/audit/audit.log</code>. By default, <code>auditd</code> rotates 5 logs by size (6MB), retaining a maximum of 30MB of data in total, and refuses to wri...Group -
Configure a Sufficiently Large Partition for Audit Logs
The Red Hat Enterprise Linux 9 operating system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a centr...Rule Medium Severity -
Configure auditd admin_space_left Action on Low Disk Space
The <code>auditd</code> service can be configured to take an action when disk space is running low but prior to running out of space completely. Edit the file <code>/etc/audit/auditd.conf</code>. A...Rule Medium Severity -
Configure auditd space_left Action on Low Disk Space
The <code>auditd</code> service can be configured to take an action when disk space <i>starts</i> to run low. Edit the file <code>/etc/audit/auditd.conf</code>. Modify the following line, substitut...Rule Medium Severity -
Configure basic parameters of Audit system
Perform basic configuration of Audit system. Make sure that any previously defined rules are cleared, the auditing system is configured to handle sudden bursts of events, and in cases of failure, m...Rule Medium Severity -
Configure auditing of loading and unloading of kernel modules
Ensure that loading and unloading of kernel modules is audited. The following rules configure audit as described above: <pre>## These rules watch for kernel module insertion. By monitoring ## the ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.