CCN Red Hat Enterprise Linux 9 - Advanced
Rules and Groups employed by this XCCDF Profile
-
DNS Server
Most organizations have an operational need to run at least one nameserver. However, there are many common attacks involving DNS server software, a...Group -
Disable DNS Server
DNS software should be disabled on any systems which does not need to be a nameserver. Note that the BIND DNS server software is not installed on R...Group -
Uninstall bind Package
The <code>named</code> service is provided by the <code>bind</code> package. The <code>bind</code> package can be removed with the following comman...Rule Low Severity -
FTP Server
FTP is a common method for allowing remote access to files. Like telnet, the FTP protocol is unencrypted, which means that passwords and other data...Group -
Disable vsftpd if Possible
To minimize attack surface, disable vsftpd if at all possible.Group -
Uninstall vsftpd Package
Thevsftpdpackage can be removed with the following command:$ sudo dnf erase vsftpd
Rule High Severity -
IMAP and POP3 Server
Dovecot provides IMAP and POP3 services. It is not installed by default. The project page at <a href="http://www.dovecot.org">http://www.dovec...Group -
Disable Cyrus IMAP
If the system does not need to operate as an IMAP or POP3 server, the Cyrus IMAP software should be removed.Group -
Uninstall cyrus-imapd Package
Thecyrus-imapdpackage can be removed with the following command:$ sudo dnf erase cyrus-imapd
Rule Unknown Severity -
Disable Dovecot
If the system does not need to operate as an IMAP or POP3 server, the dovecot software should be disabled and removed.Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules