Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Red Hat Enterprise Linux 9

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SSH Strong MACs by FIPS

    Specify the FIPS approved MACs (Message Authentication Code) algorithms that are used for data integrity protection by the SSH server.
    Value
    Show

  • Restrict unprivileged access to the kernel syslog

    Enforce restrictions on unprivileged users reading the kernel syslog via dmesg(8). The configuration that was used to build kernel is available at...
    Rule Medium Severity
    Show

  • Randomize slab freelist

    Randomizes the freelist order used on creating new pages. This configuration is available from kernel 5.9, but may be available if backported by di...
    Rule Medium Severity
    Show

  • Verify Group Who Owns cron.deny

    To properly set the group owner of /etc/cron.deny, run the command: 
    $ sudo chgrp root /etc/cron.deny
    Rule Medium Severity
    Show

  • Verify Owner on cron.deny

    To properly set the owner of /etc/cron.deny, run the command: 
    $ sudo chown root /etc/cron.deny
    Rule Medium Severity
    Show

  • Verify File Hashes with RPM

    Without cryptographic integrity protections, system executables and files can be altered by unauthorized users without detection. The RPM package m...
    Rule High Severity
    Show

  • Configure SSH Client to Use FIPS 140-2 Validated MACs: openssh.config

    Crypto Policies provide a centralized control over crypto algorithms usage of many packages. OpenSSH is supported by system crypto policy, but the ...
    Rule Medium Severity
    Show

  • Configure SSH Server to Use FIPS 140-2 Validated MACs: opensshserver.config

    Crypto Policies provide a centralized control over crypto algorithms usage of many packages. OpenSSH is supported by system crypto policy, but the ...
    Rule Medium Severity
    Show

  • Ensure /dev/shm is configured

    The <code>/dev/shm</code> is a traditional shared memory concept. One program will create a memory portion, which other processes (if permitted) ca...
    Rule Low Severity
    Show

  • Install cryptsetup Package

    The cryptsetup package can be installed with the following command: 
    $ sudo dnf install cryptsetup
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules