PCI-DSS v4.0 Control Baseline for Red Hat Enterprise Linux 9
Rules and Groups employed by this XCCDF Profile
-
Strengthen the Default Ruleset
The default rules can be strengthened. The system scripts that activate the firewall rules expect them to be defined in configuration files under t...Group -
Configure the Firewalld Ports
Configure the <code>firewalld</code> ports to allow approved services to have access to the system. To configure <code>firewalld</code> to open por...Rule Medium Severity -
Configure Firewalld to Restrict Loopback Traffic
Configure <code>firewalld</code> to restrict loopback traffic to the <code>lo</code> interface. The loopback traffic must be trusted by assigning ...Rule Medium Severity -
Configure Firewalld to Trust Loopback Traffic
Assign loopback interface to the <code>firewalld</code> <code>trusted</code> zone in order to explicitly allow the loopback traffic in the system. ...Rule Medium Severity -
Set Default firewalld Zone for Incoming Packets
To set the default zone to <code>drop</code> for the built-in default zone which processes incoming IPv4 and IPv6 packets, modify the following lin...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules