Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 9

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Verify No netrc Files Exist

    The <code>.netrc</code> files contain login information used to auto-login into FTP servers and reside in the user's home directory. These files ma...
    Rule Medium Severity
  • Restrict Root Logins

    Direct root logins should be allowed only for emergency use. In normal situations, the administrator should access the system via a unique unprivil...
    Group
  • Group Name Used by pam_wheel Group Parameter

    pam_wheel module has a parameter called group, which controls which groups can access the su command. This variable holds the valid value for the p...
    Value
  • Verify Only Root Has UID 0

    If any account other than root has a UID of 0, this misconfiguration should be investigated and the accounts other than root should be removed or h...
    Rule High Severity
  • Verify Root Has A Primary GID 0

    The root user should have a primary group of 0.
    Rule High Severity
  • Account Inactivity Timeout (seconds)

    In an interactive shell, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates afte...
    Value
  • Ensure the Default Bash Umask is Set Correctly

    To ensure the default umask for users of the Bash shell is set properly, add or correct the <code>umask</code> setting in <code>/etc/bashrc</code> ...
    Rule Medium Severity
  • Ensure Authentication Required for Single User Mode

    Single user mode is used for recovery when the system detects an issue during boot or by manual selection from the bootloader.
    Rule Medium Severity
  • Direct root Logins Not Allowed

    To further limit access to the <code>root</code> account, administrators can disable root logins at the console by editing the <code>/etc/securetty...
    Rule Medium Severity
  • Ensure that System Accounts Are Locked

    Some accounts are not associated with a human user of the system, and exist to perform some administrative functions. An attacker should not be abl...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules