Skip to content

Health Insurance Portability and Accountability Act (HIPAA)

Rules and Groups employed by this XCCDF Profile

  • Remove NIS Client

    The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server directory service protocol used to distribute system conf...
    Rule Unknown Severity
  • Uninstall ypserv Package

    The ypserv package can be removed with the following command:
    $ sudo yum erase ypserv
    Rule High Severity
  • Disable ypbind Service

    The <code>ypbind</code> service, which allows the system to act as a client in a NIS or NIS+ domain, should be disabled. The <code>ypbind</code> s...
    Rule Medium Severity
  • Rlogin, Rsh, and Rexec

    The Berkeley r-commands are legacy services which allow cleartext remote access and have an insecure trust model.
    Group
  • Uninstall rsh-server Package

    The rsh-server package can be removed with the following command:
    $ sudo yum erase rsh-server
    Rule High Severity
  • Uninstall rsh Package

    The rsh package contains the client commands for the rsh services
    Rule Unknown Severity
  • Disable rexec Service

    The <code>rexec</code> service, which is available with the <code>rsh-server</code> package and runs as a service through xinetd or separately as a...
    Rule High Severity
  • Disable rlogin Service

    The <code>rlogin</code> service, which is available with the <code>rsh-server</code> package and runs as a service through xinetd or separately as ...
    Rule High Severity
  • Disable rsh Service

    The <code>rsh</code> service, which is available with the <code>rsh-server</code> package and runs as a service through xinetd or separately as a s...
    Rule High Severity
  • Remove Rsh Trust Files

    The files <code>/etc/hosts.equiv</code> and <code>~/.rhosts</code> (in each user's home directory) list remote hosts and users that are trusted by ...
    Rule High Severity
  • Chat/Messaging Services

    The talk software makes it possible for users to send and receive messages across systems through a terminal session.
    Group
  • Uninstall talk-server Package

    The talk-server package can be removed with the following command:
     $ sudo yum erase talk-server
    Rule Medium Severity
  • Uninstall talk Package

    The <code>talk</code> package contains the client program for the Internet talk protocol, which allows the user to chat with other users on differe...
    Rule Medium Severity
  • Telnet

    The telnet protocol does not provide confidentiality or integrity for information transmitted on the network. This includes authentication informat...
    Group
  • Uninstall telnet-server Package

    The telnet-server package can be removed with the following command:
    $ sudo yum erase telnet-server
    Rule High Severity
  • Remove telnet Clients

    The telnet client allows users to start connections to other systems via the telnet protocol.
    Rule Low Severity
  • Disable telnet Service

    Make sure that the activation of the <code>telnet</code> service on system boot is disabled. The <code>telnet</code> socket can be disabled with t...
    Rule High Severity
  • Network Routing

    A router is a very desirable target for a potential adversary because they fulfill a variety of infrastructure networking roles such as access to ...
    Group
  • Disable Quagga if Possible

    If Quagga was installed and activated, but the system does not need to act as a router, then it should be disabled and removed.
    Group
  • Disable Quagga Service

    The zebra service can be disabled with the following command:
    $ sudo systemctl mask --now zebra.service
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules