CIS Red Hat Enterprise Linux 7 Benchmark for Level 2 - Server
Rules and Groups employed by this XCCDF Profile
-
DNS Server
Most organizations have an operational need to run at least one nameserver. However, there are many common attacks involving DNS server software, a...Group -
Disable DNS Server
DNS software should be disabled on any systems which does not need to be a nameserver. Note that the BIND DNS server software is not installed on R...Group -
Uninstall bind Package
The <code>named</code> service is provided by the <code>bind</code> package. The <code>bind</code> package can be removed with the following comman...Rule Low Severity -
FTP Server
FTP is a common method for allowing remote access to files. Like telnet, the FTP protocol is unencrypted, which means that passwords and other data...Group -
Disable vsftpd if Possible
To minimize attack surface, disable vsftpd if at all possible.Group -
Uninstall vsftpd Package
Thevsftpd
package can be removed with the following command:$ sudo yum erase vsftpd
Rule High Severity -
Web Server
The web server is responsible for providing access to content via the HTTP protocol. Web servers represent a significant security risk because: <br...Group -
Disable Apache if Possible
If Apache was installed and activated, but the system does not need to act as a web server, then it should be disabled and removed from the system.Group -
Uninstall httpd Package
Thehttpd
package can be removed with the following command:$ sudo yum erase httpd
Rule Unknown Severity -
Disable NGINX if Possible
If NGINX was installed and activated, but the system does not need to act as a web server, then it should be removed from the system.Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules