An XCCDF Group - A logical subset of the XCCDF Benchmark
iptables
/etc/sysconfig/iptables
/etc/sysconfig/ip6tables
-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
sshd
$ sudo systemctl enable sshd.service
httpd
chroot
ChrootDir
/chroot/apache
/etc/httpd/conf/httpd.conf
ChrootDir /chroot/apache
/etc/http/conf
$ sudo chmod 0750 /etc/http/conf
$ sudo chmod 700 /var/log/httpd/
/etc/http/conf.d/*
$ sudo chmod 0640 /etc/http/conf.d/*
/etc/http/conf/*
$ sudo chmod 0640 /etc/http/conf/*
/etc/http/conf.modules.d/*
$ sudo chmod 0640 /etc/http/conf.modules.d/*
/var/log/httpd/
/var/log/httpd
$ sudo chown root /var/log/httpd
/var/log/httpd/*
$ sudo chown root /var/log/httpd/*