Skip to content

DISA STIG for Red Hat Enterprise Linux 9

Rules and Groups employed by this XCCDF Profile

  • Verify firewalld Enabled

    The firewalld service can be enabled with the following command:
    $ sudo systemctl enable firewalld.service
    Rule Medium Severity
  • Strengthen the Default Ruleset

    The default rules can be strengthened. The system scripts that activate the firewall rules expect them to be defined in configuration files under t...
    Group
  • Configure the Firewalld Ports

    Configure the <code>firewalld</code> ports to allow approved services to have access to the system. To configure <code>firewalld</code> to open por...
    Rule Medium Severity
  • Firewalld Must Employ a Deny-all, Allow-by-exception Policy for Allowing Connections to Other Systems

    Red Hat Enterprise Linux 9 incorporates the "firewalld" daemon, which allows for many different configurations. One of these configurations is zone...
    Rule Medium Severity
  • IPSec Support

    Support for Internet Protocol Security (IPsec) is provided with Libreswan.
    Group
  • Install libreswan Package

    The libreswan package provides an implementation of IPsec and IKE, which permits the creation of secure tunnels over untrusted networks. The <code>...
    Rule Medium Severity
  • Verify Any Configured IPSec Tunnel Connections

    Libreswan provides an implementation of IPsec and IKE, which permits the creation of secure tunnels over untrusted networks. As such, IPsec can be ...
    Rule Medium Severity
  • IPv6

    The system includes support for Internet Protocol version 6. A major and often-mentioned improvement over IPv4 is its enormous increase in the numb...
    Group
  • Configure IPv6 Settings if Necessary

    A major feature of IPv6 is the extent to which systems implementing it can automatically configure their networking devices using information from ...
    Group
  • Configure Accepting Router Advertisements on All IPv6 Interfaces

    To set the runtime status of the <code>net.ipv6.conf.all.accept_ra</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ip...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules