CIS Red Hat Enterprise Linux 7 Benchmark for Level 2 - Workstation
Rules and Groups employed by this XCCDF Profile
-
Use Only FIPS 140-2 Validated Ciphers
Limit the ciphers to those algorithms which are FIPS-approved. Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode. The following line in <code>/etc/ssh/sshd_config</code> de...Rule Medium Severity -
Use Only Strong Key Exchange algorithms
Limit the Key Exchange to strong algorithms. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of those: <pre>KexAlgorithms <xccdf-1.2:sub idref="xccdf_org.ssgproject.content...Rule Medium Severity -
Use Only Strong MACs
Limit the MACs to strong hash algorithms. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of those MACs: <pre>MACs <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_...Rule Medium Severity -
Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words
The pam_pwquality module'sdictcheckcheck if passwords contains dictionary words. Whendictcheckis set to1passwords will be checked for dictionary words.Rule Medium Severity -
Ensure the Group Used by pam_wheel.so Module Exists on System and is Empty
Ensure that the group <code><xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_pam_wheel_group_for_su" use="legacy"></xccdf-1.2:sub></code> referenced by <code>var_pam_wheel_group_for_su<...Rule Medium Severity -
Ensure Authentication Required for Single User Mode
Single user mode is used for recovery when the system detects an issue during boot or by manual selection from the bootloader.Rule Medium Severity -
Enforce Usage of pam_wheel with Group Parameter for su Authentication
To ensure that only users who are members of the group set in the <code>group</code> option of <code>pam_wheel.so</code> module can run commands with altered privileges through the <code>su</code> ...Rule Medium Severity -
Ensure users' .netrc Files are not group or world accessible
While the system administrator can establish secure permissions for users' .netrc files, the users can easily override these. This rule ensures every .netrc file or directory under the home direct...Rule Medium Severity -
Record Events When Executables Are Run As Another User
Verify the system generates an audit record when actions are run as another user. sudo provides users with temporary elevated privileges to perform operations, either as the superuser or another us...Rule Medium Severity -
Record Attempts to perform maintenance activities
The Red Hat Enterprise Linux 7 operating system must generate audit records for privileged activities, nonlocal maintenance, diagnostic sessions and other system-level access. Verify the operating...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.