Skip to content

CIS Red Hat Enterprise Linux 8 Benchmark for Level 2 - Server

Rules and Groups employed by this XCCDF Profile

  • Ensure SSH MaxStartups is configured

    The MaxStartups parameter specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be ...
    Rule Medium Severity
  • Use Only FIPS 140-2 Validated Ciphers

    Limit the ciphers to those algorithms which are FIPS-approved. Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode. The foll...
    Rule Medium Severity
  • X Window System

    The X Window System implementation included with the system is called X.org.
    Group
  • Disable X Windows

    Unless there is a mission-critical reason for the system to run a graphical user interface, ensure X is not set to start automatically at boot and ...
    Group
  • Remove the X Windows Package Group

    By removing the xorg-x11-server-common package, the system no longer has X Windows installed. If X Windows is not installed then the system cannot ...
    Rule Medium Severity
  • Disable X Windows Startup By Setting Default Target

    Systems that do not require a graphical user interface should only boot by default into <code>multi-user.target</code> mode. This prevents accident...
    Rule Medium Severity
  • Ensure Authentication Required for Single User Mode

    Single user mode is used for recovery when the system detects an issue during boot or by manual selection from the bootloader.
    Rule Medium Severity
  • Configure Firewalld to Restrict Loopback Traffic

    Configure <code>firewalld</code> to restrict loopback traffic to the <code>lo</code> interface. The loopback traffic must be trusted by assigning ...
    Rule Medium Severity
  • Configure Firewalld to Trust Loopback Traffic

    Assign loopback interface to the <code>firewalld</code> <code>trusted</code> zone in order to explicitly allow the loopback traffic in the system. ...
    Rule Medium Severity
  • Verify Permissions and Ownership of Old Passwords File

    To properly set the owner of <code>/etc/security/opasswd</code>, run the command: <pre>$ sudo chown root /etc/security/opasswd </pre> To properly ...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules