Skip to content
ATO Pathways
  Log In

VPP - Protection Profile for Virtualization v. 1.0 for Red Hat Virtualization

Rules and Groups employed by this XCCDF Profile

  • Do Not Allow SSH Environment Options

    Ensure that users are not able to override environment variables of the SSH daemon. <br> The default SSH configuration disables environment process...
    Rule Medium Severity
    Show

  • Enable Use of Strict Mode Checking

    SSHs <code>StrictModes</code> option checks file and ownership permissions in the user's home directory <code>.ssh</code> folder before accepting l...
    Rule Medium Severity
    Show

  • Enable SSH Warning Banner

    To enable the warning banner and ensure it is consistent across the system, add or correct the following line in <code>/etc/ssh/sshd_config</code...
    Rule Medium Severity
    Show

  • Enable SSH Print Last Log

    Ensure that SSH will display the date and time of the last successful account logon. <br> The default SSH configuration enables print of the date a...
    Rule Medium Severity
    Show

  • Set LogLevel to INFO

    The INFO parameter specifices that record login and logout activity will be logged. <br> The default SSH configuration sets the log level to INFO. ...
    Rule Low Severity
    Show

  • Use Only FIPS 140-2 Validated Ciphers

    Limit the ciphers to those algorithms which are FIPS-approved. Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode. The foll...
    Rule Medium Severity
    Show

  • Use Only FIPS 140-2 Validated MACs

    Limit the MACs to those hash algorithms which are FIPS-approved. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of FIPS-a...
    Rule Medium Severity
    Show

  • Enable Use of Privilege Separation

    When enabled, SSH will create an unprivileged child process that has the privilege of the authenticated user. To enable privilege separation in SSH...
    Rule Medium Severity
    Show

  • System Security Services Daemon

    The System Security Services Daemon (SSSD) is a system daemon that provides access to different identity and authentication providers such as Red H...
    Group
    Show

  • Enable Smartcards in SSSD

    SSSD should be configured to authenticate access to the system using smart cards. To enable smart cards in SSSD, set <code>pam_cert_auth</code> to ...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules