Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 9

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Enable the GNOME3 Login Smartcard Authentication

    In the default graphical environment, smart card authentication can be enabled on the login screen by setting <code>enable-smartcard-authentication...
    Rule Medium Severity
  • Enable the GNOME3 Screen Locking On Smartcard Removal

    In the default graphical environment, screen locking on smartcard removal can be enabled by setting <code>removal-action</code> to <code>'lock-scre...
    Rule Medium Severity
  • Set the GNOME3 Login Number of Failures

    In the default graphical environment, the GNOME3 login screen and be configured to restart the authentication process after a configured number of ...
    Rule Medium Severity
  • Disable GDM Automatic Login

    The GNOME Display Manager (GDM) can allow users to automatically login without user interaction or credentials. User should always be required to a...
    Rule High Severity
  • Disable XDMCP in GDM

    XDMCP is an unencrypted protocol, and therefore, presents a security risk, see e.g. <a href="https://help.gnome.org/admin/gdm/stable/security.html....
    Rule High Severity
  • GNOME Media Settings

    GNOME media settings that apply to the graphical interface.
    Group
  • Disable GNOME3 Automounting

    The system's default desktop environment, GNOME3, will mount devices and removable media (such as DVDs, CDs and USB flash drives) whenever they are...
    Rule Medium Severity
  • Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.

    The pam_faillock.so module must be loaded in preauth in /etc/pam.d/system-auth.
    Rule Medium Severity
  • Disable GNOME3 Automount Opening

    The system's default desktop environment, GNOME3, will mount devices and removable media (such as DVDs, CDs and USB flash drives) whenever they are...
    Rule Medium Severity
  • Disable GNOME3 Automount running

    The system's default desktop environment, GNOME3, will mount devices and removable media (such as DVDs, CDs and USB flash drives) whenever they are...
    Rule Low Severity
  • Disable All GNOME3 Thumbnailers

    The system's default desktop environment, GNOME3, uses a number of different thumbnailer programs to generate thumbnails for any new or modified co...
    Rule Unknown Severity
  • GNOME Network Settings

    GNOME network settings that apply to the graphical interface.
    Group
  • Disable WIFI Network Connection Creation in GNOME3

    <code>GNOME</code> allows users to create ad-hoc wireless connections through the <code>NetworkManager</code> applet. Wireless connections should b...
    Rule Medium Severity
  • Disable WIFI Network Notification in GNOME3

    By default, <code>GNOME</code> disables WIFI notification. This should be permanently set so that users do not connect to a wireless network when t...
    Rule Medium Severity
  • GNOME Remote Access Settings

    GNOME remote access settings that apply to the graphical interface.
    Group
  • Require Credential Prompting for Remote Access in GNOME3

    By default, <code>GNOME</code> does not require credentials when using <code>Vino</code> for remote access. To configure the system to require remo...
    Rule Medium Severity
  • Account Lockouts Must Persist

    By setting a `dir` in the faillock configuration account lockouts will persist across reboots.
    Rule Medium Severity
  • Require Encryption for Remote Access in GNOME3

    By default, <code>GNOME</code> requires encryption when using <code>Vino</code> for remote access. To prevent remote access encryption from being d...
    Rule Medium Severity
  • Configure GNOME Screen Locking

    In the default GNOME3 desktop, the screen can be locked by selecting the user name in the far right corner of the main panel and selecting <b>Lock<...
    Group
  • Screensaver Inactivity timeout

    Choose allowed duration (in seconds) of inactive graphical sessions
    Value

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules