DISA STIG for Red Hat Enterprise Linux 7
Rules and Groups employed by this XCCDF Profile
-
Configure the Firewalld Ports
Configure the <code>firewalld</code> ports to allow approved services to have access to the system. To configure <code>firewalld</code> to open ports, run the following command: <pre>firewall-cmd -...Rule Medium Severity -
Set Default firewalld Zone for Incoming Packets
To set the default zone to <code>drop</code> for the built-in default zone which processes incoming IPv4 and IPv6 packets, modify the following line in <code>/etc/firewalld/firewalld.conf</code> to...Rule Medium Severity -
IPSec Support
Support for Internet Protocol Security (IPsec) is provided with Libreswan.Group -
Verify Any Configured IPSec Tunnel Connections
Libreswan provides an implementation of IPsec and IKE, which permits the creation of secure tunnels over untrusted networks. As such, IPsec can be used to circumvent certain network requirements su...Rule Medium Severity -
IPv6
The system includes support for Internet Protocol version 6. A major and often-mentioned improvement over IPv4 is its enormous increase in the number of available addresses. Another important featu...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules