Red Hat Enterprise Linux 9 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
RHEL 9 must not have the tuned package installed.
<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission ob...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
RHEL 9 must not have a Trivial File Transfer Protocol (TFTP) server package installed.
<VulnDiscussion>Removing the "tftp-server" package decreases the risk of the accidental (or intentional) activation of tftp services. If TFT...Rule High Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
RHEL 9 must not have the quagga package installed.
<VulnDiscussion>Quagga is a network routing software suite providing implementations of Open Shortest Path First (OSPF), Routing Information ...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
A graphical display manager must not be installed on RHEL 9 unless approved.
<VulnDiscussion>Unnecessary service packages must not be installed to decrease the attack surface of the system. Graphical display managers h...Rule Medium Severity -
SRG-OS-000105-GPOS-00052
<GroupDescription></GroupDescription>Group -
RHEL 9 must use a separate file system for /var.
<VulnDiscussion>Ensuring that "/var" is mounted on its own partition enables the setting of more restrictive mount options. This helps protec...Rule Low Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
RHEL 9 must have the openssl-pkcs11 package installed.
<VulnDiscussion>Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor a...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
RHEL 9 must have the gnutls-utils package installed.
<VulnDiscussion>GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provi...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
RHEL 9 must have the nss-tools package installed.
<VulnDiscussion>Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled clie...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
RHEL 9 must have the rng-tools package installed.
<VulnDiscussion>"rng-tools" provides hardware random number generator tools, such as those used in the formation of x509/PKI certificates.<...Rule Medium Severity -
SRG-OS-000363-GPOS-00150
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.