Red Hat Enterprise Linux 9 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
RHEL 9 must be configured to disable the Asynchronous Transfer Mode kernel module.
<VulnDiscussion>Disabling Asynchronous Transfer Mode (ATM) protects the system against exploitation of any flaws in its implementation.</V...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
RHEL 9 must be configured to disable the Controller Area Network kernel module.
<VulnDiscussion>Disabling Controller Area Network (CAN) protects the system against exploitation of any flaws in its implementation.</Vuln...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
RHEL 9 must be configured to disable the FireWire kernel module.
<VulnDiscussion>Disabling firewire protects the system against exploitation of any flaws in its implementation.</VulnDiscussion><Fal...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
RHEL 9 /etc/passwd- file must be owned by root.
<VulnDiscussion>The "/etc/passwd-" file is a backup file of "/etc/passwd", and as such, contains information about the users that are configu...Rule Medium Severity -
RHEL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
RHEL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000433-GPOS-00193
<GroupDescription></GroupDescription>Group -
RHEL 9 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.
<VulnDiscussion>Address space layout randomization (ASLR) makes it more difficult for an attacker to predict the location of attack code they...Rule Medium Severity -
SRG-OS-000132-GPOS-00067
<GroupDescription></GroupDescription>Group -
RHEL 9 must disable access to network bpf system call from nonprivileged processes.
<VulnDiscussion>Loading and accessing the packet filters programs and maps using the bpf() system call has the potential of revealing sensiti...Rule Medium Severity -
SRG-OS-000132-GPOS-00067
<GroupDescription></GroupDescription>Group -
RHEL 9 must restrict usage of ptrace to descendant processes.
<VulnDiscussion>Unrestricted usage of ptrace allows compromised binaries to run ptrace on other processes of the user. Like this, the attacke...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
RHEL 9 must ensure cryptographic verification of vendor software packages.
<VulnDiscussion>Cryptographic verification of vendor software packages ensures that all software packages are obtained from a valid source an...Rule Medium Severity -
SRG-OS-000366-GPOS-00153
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.