Skip to content

PCI-DSS v4.0 Control Baseline for Red Hat Enterprise Linux 9

Rules and Groups employed by this XCCDF Profile

  • Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty

    The sudo <code>use_pty</code> tag, when specified, will only execute sudo commands from users logged in to a real tty. This should be enabled by ma...
    Rule Medium Severity
  • Ensure Sudo Logfile Exists - sudo logfile

    A custom log sudo file can be configured with the 'logfile' tag. This rule configures a sudo custom logfile at the default location suggested by CI...
    Rule Low Severity
  • Ensure Users Re-Authenticate for Privilege Escalation - sudo

    The sudo <code>NOPASSWD</code> and <code>!authenticate</code> option, when specified, allows a user to execute commands using sudo without having t...
    Rule Medium Severity
  • Require Re-Authentication When Using the sudo Command

    The sudo <code>timestamp_timeout</code> tag sets the amount of time sudo password prompt waits. The default <code>timestamp_timeout</code> value is...
    Rule Medium Severity
  • System Tooling / Utilities

    The following checks evaluate the system for recommended base packages -- both for installation and removal.
    Group
  • Updating Software

    The <code>dnf</code> command line tool is used to install and update software packages. The system also provides a graphical software update tool i...
    Group
  • Ensure gpgcheck Enabled In Main dnf Configuration

    The <code>gpgcheck</code> option controls whether RPM packages' signatures are always checked prior to installation. To configure dnf to check pack...
    Rule High Severity
  • Ensure gpgcheck Enabled for All dnf Package Repositories

    To ensure signature checking is not disabled for any repos, remove any lines from files in <code>/etc/yum.repos.d</code> of the form: <pre>gpgcheck...
    Rule High Severity
  • Ensure Red Hat GPG Key Installed

    To ensure the system can cryptographically verify base software packages come from Red Hat (and to connect to the Red Hat Network to receive them),...
    Rule High Severity
  • Ensure Software Patches Installed



    NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy dictates.
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules