An XCCDF Group - A logical subset of the XCCDF Benchmark
$ rpm -qVa
rpm
$ rpm -Va --noconfig | grep '^..5'
$ rpm -qf FILENAME
$ sudo yum reinstall PACKAGENAME
$ sudo rpm -Uvh PACKAGENAME
$ sudo rpm -Va | awk '{ if (substr($0,2,1)=="M") print $NF }'
$ sudo rpm --setperms PACKAGENAME
/usr/share/doc/aide-VERSION
aide
$ sudo yum install aide
$ sudo /usr/sbin/aide --init
/var/lib/aide/aide.db.new.gz
/etc/aide.conf
/usr/sbin/aide
$ sudo cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
$ sudo /usr/sbin/aide --check
/etc/crontab
05 4 * * * root /usr/sbin/aide --check
05 4 * * 0 root /usr/sbin/aide --check
@daily
@weekly
update-crypto-policies
/etc/named.conf
options
include "/etc/crypto-policies/back-ends/bind.config";
$ sudo update-crypto-policies --set
/etc/crypto-policies/back-ends
/etc/ipsec.conf
include /etc/crypto-policies/back-ends/libreswan.config
/etc/pki/tls/openssl.cnf
ini
[ crypto_policy ]
.include /etc/crypto-policies/back-ends/opensslcnf.config
CRYPTO_POLICY
/etc/sysconfig/sshd
/etc/ssh/ssh_config.d/
05-redhat.conf
02-ospp.conf
/
/boot
swap
/dev/shm
/srv
dconf(1)
Enable
false
[xdmcp]
/etc/gdm/custom.conf
[xdmcp] Enable=false
Sudo
root
sudo
NOEXEC
/etc/sudoers
/etc/sudoers.d/
requiretty
use_pty
!authenticate
NOPASSWD
vdsm
sudoers
ALL
gnutls-utils
$ sudo yum install gnutls-utils
nss-tools
$ sudo yum install nss-tools
yum
gpgcheck
/etc/yum.conf
[main]
gpgcheck=1
/etc/yum.repos.d
gpgcheck=0