North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) cybersecurity standards profile for Red Hat Enterprise Linux CoreOS
Rules and Groups employed by this XCCDF Profile
-
Disk Partitioning
To ensure separation and protection of data, there are top-level system directories which should be placed on their own physical partition or logic...Group -
Ensure /var/log Located On Separate Partition
System logs are stored in the <code>/var/log</code> directory. <p> Partitioning Red Hat CoreOS is a Day 1 operation and cannot be changed afterward...Rule Low Severity -
Ensure /var/log/audit Located On Separate Partition
Audit logs are stored in the <code>/var/log/audit</code> directory. <p> Partitioning Red Hat CoreOS is a Day 1 operation and cannot be changed afte...Rule Low Severity -
Sudo
<code>Sudo</code>, which stands for "su 'do'", provides the ability to delegate authority to certain users, groups of users, or system administrato...Group -
Install sudo Package
Thesudo
package can be installed with the following command:$ sudo dnf install sudo
Rule Medium Severity -
Account and Access Control
In traditional Unix security, if an attacker gains shell access to a certain login account, they can perform any action or access any file to which...Group -
Warning Banners for System Accesses
Each system should expose as little information about itself as possible. <br><br> System banners, which are typically displayed just before a logi...Group -
Modify the System Login Banner
To configure the system login banner create a file under <code>/etc/issue.d</code> The DoD required text is either: <br><br> <code>You are acces...Rule Medium Severity -
Protect Physical Console Access
It is impossible to fully protect a system from an attacker with physical access, so securing the space in which the system is located should be co...Group -
Disable debug-shell SystemD Service
SystemD's <code>debug-shell</code> service is intended to diagnose SystemD related boot issues with various <code>systemctl</code> commands. Once e...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules