CIS Red Hat Enterprise Linux 8 Benchmark for Level 1 - Server
Rules and Groups employed by this XCCDF Profile
-
Verify Permissions on cron.daily
To properly set the permissions of/etc/cron.daily, run the command:$ sudo chmod 0700 /etc/cron.daily
Rule Medium Severity -
Verify Permissions on cron.hourly
To properly set the permissions of/etc/cron.hourly, run the command:$ sudo chmod 0700 /etc/cron.hourly
Rule Medium Severity -
Verify Permissions on cron.monthly
To properly set the permissions of/etc/cron.monthly, run the command:$ sudo chmod 0700 /etc/cron.monthly
Rule Medium Severity -
Verify Permissions on cron.weekly
To properly set the permissions of/etc/cron.weekly, run the command:$ sudo chmod 0700 /etc/cron.weekly
Rule Medium Severity -
Verify Permissions on crontab
To properly set the permissions of/etc/crontab, run the command:$ sudo chmod 0600 /etc/crontab
Rule Medium Severity -
Restrict at and cron to Authorized Users if Necessary
The <code>/etc/cron.allow</code> and <code>/etc/at.allow</code> files contain lists of users who are allowed to use <code>cron</code> and at to delay execution of processes. If these files exist an...Group -
Ensure that /etc/at.deny does not exist
The file/etc/at.denyshould not exist. Use/etc/at.allowinstead.Rule Medium Severity -
Ensure that /etc/cron.deny does not exist
The file/etc/cron.denyshould not exist. Use/etc/cron.allowinstead.Rule Medium Severity -
Verify Group Who Owns /etc/at.allow file
If <code>/etc/at.allow</code> exists, it must be group-owned by <code>root</code>. To properly set the group owner of <code>/etc/at.allow</code>, run the command: <pre>$ sudo chgrp root /etc/at.al...Rule Medium Severity -
Verify Group Who Owns /etc/cron.allow file
If <code>/etc/cron.allow</code> exists, it must be group-owned by <code>root</code>. To properly set the group owner of <code>/etc/cron.allow</code>, run the command: <pre>$ sudo chgrp root /etc/c...Rule Medium Severity -
Verify User Who Owns /etc/cron.allow file
If <code>/etc/cron.allow</code> exists, it must be owned by <code>root</code>. To properly set the owner of <code>/etc/cron.allow</code>, run the command: <pre>$ sudo chown root /etc/cron.allow </...Rule Medium Severity -
Verify Permissions on /etc/at.allow file
If <code>/etc/at.allow</code> exists, it must have permissions <code>0600</code> or more restrictive. To properly set the permissions of <code>/etc/at.allow</code>, run the command: <pre>$ sudo c...Rule Medium Severity -
Verify Permissions on /etc/cron.allow file
If <code>/etc/cron.allow</code> exists, it must have permissions <code>0600</code> or more restrictive. To properly set the permissions of <code>/etc/cron.allow</code>, run the command: <pre>$ su...Rule Medium Severity -
DHCP
The Dynamic Host Configuration Protocol (DHCP) allows systems to request and obtain an IP address and other configuration parameters from a server. <br> <br> This guide recommends configuring...Group -
Disable DHCP Server
The DHCP server <code>dhcpd</code> is not installed or activated by default. If the software was installed and activated, but the system does not need to act as a DHCP server, it should be disabled...Group -
Uninstall DHCP Server Package
If the system does not need to act as a DHCP server, the dhcp package can be uninstalled. The <code>dhcp-server</code> package can be removed with the following command: <pre> $ sudo yum erase dhc...Rule Medium Severity -
DNS Server
Most organizations have an operational need to run at least one nameserver. However, there are many common attacks involving DNS server software, and this server software should be disabled on any ...Group -
Disable DNS Server
DNS software should be disabled on any systems which does not need to be a nameserver. Note that the BIND DNS server software is not installed on Red Hat Enterprise Linux 8 by default. The remainde...Group -
Uninstall bind Package
Thenamedservice is provided by thebindpackage. Thebindpackage can be removed with the following command:$ sudo yum erase bind
Rule Low Severity -
FTP Server
FTP is a common method for allowing remote access to files. Like telnet, the FTP protocol is unencrypted, which means that passwords and other data transmitted during the session can be captured an...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules