Skip to content
ATO Pathways
  Log In

CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 - Server

Rules and Groups employed by this XCCDF Profile

  • Verify Proper Storage and Existence of Password Hashes

    By default, password hashes for local accounts are stored in the second field (colon-separated) in <code>/etc/shadow</code>. This file should be re...
    Group
    Show

  • Verify All Account Password Hashes are Shadowed

    If any password hashes are stored in <code>/etc/passwd</code> (in the second field, instead of an <code>x</code> or <code>*</code>), the cause of t...
    Rule Medium Severity
    Show

  • Ensure all users last password change date is in the past

    All users should have a password change date in the past.
    Rule Medium Severity
    Show

  • All GIDs referenced in /etc/passwd must be defined in /etc/group

    Add a group to the system for each GID referenced without a corresponding group.
    Rule Low Severity
    Show

  • Prevent Login to Accounts With Empty Password

    If an account is configured for password authentication but does not have an assigned password, it may be possible to log into the account without ...
    Rule High Severity
    Show

  • Ensure There Are No Accounts With Blank or Null Passwords

    Check the "/etc/shadow" file for blank passwords with the following command: <pre>$ sudo awk -F: '!$2 {print $1}' /etc/shadow</pre> If the command ...
    Rule High Severity
    Show

  • Verify No .forward Files Exist

    The .forward file specifies an email address to forward the user's mail to.
    Rule Medium Severity
    Show

  • Verify No netrc Files Exist

    The <code>.netrc</code> files contain login information used to auto-login into FTP servers and reside in the user's home directory. These files ma...
    Rule Medium Severity
    Show

  • Restrict Root Logins

    Direct root logins should be allowed only for emergency use. In normal situations, the administrator should access the system via a unique unprivil...
    Group
    Show

  • Verify Only Root Has UID 0

    If any account other than root has a UID of 0, this misconfiguration should be investigated and the accounts other than root should be removed or h...
    Rule High Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules