PCI-DSS v4.0 Control Baseline for Red Hat Enterprise Linux 7
Rules and Groups employed by this XCCDF Profile
-
Disable All NFS Services if Possible
If there is not a reason for the system to operate as either an NFS client or an NFS server, follow all instructions in this section to disable subsystems required by NFS.Group -
Disable Services Used Only by NFS
If NFS is not needed, disable the NFS client daemons nfslock, rpcgssd, and rpcidmapd. <br><br> All of these daemons run with elevated privileges, and many listen for network connections. If they ar...Group -
Disable rpcbind Service
The rpcbind utility maps RPC services to the ports on which they listen. RPC processes notify rpcbind when they start, registering the ports they are listening on and the RPC program numbers they e...Rule Low Severity -
Network Time Protocol
The Network Time Protocol is used to manage the system clock over a network. Computer clocks are not very accurate, so time will drift unpredictably on unmanaged systems. Central time protocols can...Group -
The Chrony package is installed
System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or set of servers and having all systems synchronize th...Rule Medium Severity -
Enable the NTP Daemon
Run the following command to determine the current status of the <code>chronyd</code> service: <pre>$ sudo systemctl is-active chronyd</pre> If the service is running, it should return the follow...Rule Medium Severity -
Enable the NTP Daemon
Thentpdservice can be enabled with the following command:$ sudo systemctl enable ntpd.service
Rule Medium Severity -
Ensure that chronyd is running under chrony user account
chrony is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More informati...Rule Medium Severity -
A remote time server for Chrony is configured
<code>Chrony</code> is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. M...Rule Medium Severity -
Specify Additional Remote NTP Servers
Additional NTP servers can be specified for time synchronization in the file <code>/etc/ntp.conf</code>. To do so, add additional lines of the following form, substituting the IP address or hostna...Rule Unknown Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules