An XCCDF Group - A logical subset of the XCCDF Benchmark
$ rpm -qVa
rpm
$ rpm -Va --noconfig | grep '^..5'
$ rpm -qf FILENAME
$ sudo dnf reinstall PACKAGENAME
$ sudo rpm -Uvh PACKAGENAME
$ sudo rpm -Va | awk '{ if (substr($0,2,1)=="M") print $NF }'
$ sudo rpm --setperms PACKAGENAME
/usr/share/doc/aide-VERSION
aide
$ sudo dnf install aide
$ sudo /usr/sbin/aide --init
/var/lib/aide/aide.db.new.gz
/etc/aide.conf
/usr/sbin/aide
$ sudo cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
$ sudo /usr/sbin/aide --check
/etc/crontab
05 4 * * * root /usr/sbin/aide --check
05 4 * * 0 root /usr/sbin/aide --check
@daily
@weekly
fips-mode-setup --enable
fips
dracut
/etc/dracut.conf.d/40-fips.conf
add_dracutmodules+=" fips "
fips-mode-setup
/proc/sys/crypto/fips_enabled
1
/etc/system-fips
/etc/crypto-policies/config
'crypto.fips_enabled'
update-crypto-policies
/etc/named.conf
options
include "/etc/crypto-policies/back-ends/bind.config";
$ sudo update-crypto-policies --set
/etc/crypto-policies/back-ends
/etc/crypto-policies/back-ends/gnutls.config
+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0
/etc/ipsec.conf
include /etc/crypto-policies/back-ends/libreswan.config
/etc/pki/tls/openssl.cnf
ini
[ crypto_policy ]
.include = /etc/crypto-policies/back-ends/opensslcnf.config
CRYPTO_POLICY
/etc/sysconfig/sshd
/etc/ssh/ssh_config.d/
05-redhat.conf
02-ospp.conf
/etc/crypto-policies/back-ends/openssh.config
Ciphers
opensshserver-xxx.config
xxx
/etc/crypto-policies/local.d
/etc/crypto-policies/back-ends/opensshserver.config
MACs