CIS Red Hat Enterprise Linux 8 Benchmark for Level 1 - Server
Rules and Groups employed by this XCCDF Profile
-
Implement a GUI Warning Banner
In the default graphical environment, users logging directly into the system are greeted with a login screen provided by the GNOME Display Manager (GDM). The warning banner should be displayed in t...Group -
Enable GNOME3 Login Warning Banner
In the default graphical environment, displaying a login warning banner in the GNOME Display Manager's login screen can be enabled on the login screen by setting <code>banner-message-enable</code> ...Rule Medium Severity -
Set the GNOME3 Login Warning Banner Text
In the default graphical environment, configuring the login warning banner text in the GNOME Display Manager's login screen can be configured on the login screen by setting <code>banner-message-tex...Rule Medium Severity -
Protect Accounts by Configuring PAM
PAM, or Pluggable Authentication Modules, is a system which implements modular authentication for Linux programs. PAM provides a flexible and configurable architecture for authentication, and it sh...Group -
Install pam_pwquality Package
Thelibpwqualitypackage can be installed with the following command:$ sudo yum install libpwquality
Rule Medium Severity -
Set Lockouts for Failed Password Attempts
The <code>pam_faillock</code> PAM module provides the capability to lock out user accounts after a number of failed login attempts. Its documentation is available in <code>/usr/share/doc/pam-VERSIO...Group -
Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.
The pam_faillock.so module must be loaded in preauth in /etc/pam.d/password-auth.Rule Medium Severity -
Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.
The pam_faillock.so module must be loaded in preauth in /etc/pam.d/system-auth.Rule Medium Severity -
Limit Password Reuse: password-auth
Do not allow users to reuse recent passwords. This can be accomplished by using the <code>remember</code> option for the <code>pam_pwhistory</code> PAM module. <br> <br> On systems with n...Rule Medium Severity -
Limit Password Reuse: system-auth
Do not allow users to reuse recent passwords. This can be accomplished by using the <code>remember</code> option for the <code>pam_pwhistory</code> PAM module. <br> <br> On systems with n...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules