Skip to content

CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 - Server

Rules and Groups employed by this XCCDF Profile

  • Telnet

    The telnet protocol does not provide confidentiality or integrity for information transmitted on the network. This includes authentication informat...
    Group
  • Uninstall telnet-server Package

    The telnet-server package can be removed with the following command:
    $ sudo dnf erase telnet-server
    Rule High Severity
  • Remove telnet Clients

    The telnet client allows users to start connections to other systems via the telnet protocol.
    Rule Low Severity
  • TFTP Server

    TFTP is a lightweight version of the FTP protocol which has traditionally been used to configure networking equipment. However, TFTP provides littl...
    Group
  • Uninstall tftp-server Package

    The tftp-server package can be removed with the following command:
     $ sudo dnf erase tftp-server
    Rule High Severity
  • Remove tftp Daemon

    Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol, typically used to automatically transfer configuration or boot files betw...
    Rule Low Severity
  • Print Support

    The Common Unix Printing System (CUPS) service provides both local and network printing support. A system running the CUPS service can accept print...
    Group
  • Uninstall CUPS Package

    The cups package can be removed with the following command:
    $ sudo dnf erase cups
    Rule Unknown Severity
  • Proxy Server

    A proxy server is a very desirable target for a potential adversary because much (or all) sensitive data for a given infrastructure may flow throug...
    Group
  • Disable Squid if Possible

    If Squid was installed and activated, but the system does not need to act as a proxy server, then it should be disabled and removed.
    Group
  • Uninstall squid Package

    The squid package can be removed with the following command:
     $ sudo dnf erase squid
    Rule Unknown Severity
  • Samba(SMB) Microsoft Windows File Sharing Server

    When properly configured, the Samba service allows Linux systems to provide file and print sharing to Microsoft Windows systems. There are two soft...
    Group
  • Disable Samba if Possible

    Even after the Samba server package has been installed, it will remain disabled. Do not enable this service unless it is absolutely necessary to pr...
    Group
  • Uninstall Samba Package

    The samba package can be removed with the following command:
     $ sudo dnf erase samba
    Rule Unknown Severity
  • SNMP Server

    The Simple Network Management Protocol allows administrators to monitor the state of network devices, including computers. Older versions of SNMP w...
    Group
  • Disable SNMP Server if Possible

    The system includes an SNMP daemon that allows for its remote monitoring, though it not installed by default. If it was installed and activated but...
    Group
  • Uninstall net-snmp Package

    The <code>net-snmp</code> package provides the snmpd service. The <code>net-snmp</code> package can be removed with the following command: <pre> $...
    Rule Unknown Severity
  • SSH Server

    The SSH protocol is recommended for remote login and remote file transfer. SSH provides confidentiality and integrity for data exchanged between tw...
    Group
  • Verify Group Who Owns SSH Server config file

    To properly set the group owner of /etc/ssh/sshd_config, run the command:
    $ sudo chgrp root /etc/ssh/sshd_config
    Rule Medium Severity
  • Verify Group Ownership on SSH Server Private *_key Key Files

    SSH server private keys, files that match the /etc/ssh/*_key glob, must be group-owned by ssh_keys group.
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules