RHV hardening based on STIG for Red Hat Enterprise Linux 7

Rules and Groups employed by this XCCDF Profile

  • Operating System Vendor Support and Certification

    The assurance of a vendor to provide operating system support and maintenance for their product is an important criterion to ensure product stabili...
    Group
  • The Installed Operating System Is FIPS 140-2 Certified

    To enable processing of sensitive information the operating system must provide certified cryptographic modules compliant with FIPS 140-2 standard....
    Rule High Severity
  • Endpoint Protection Software

    Endpoint protection security software that is not provided or supported by Red Hat can be installed to provide complementary or duplicative secur...
    Group
  • Install Virus Scanning Software

    Virus scanning software can be used to protect a system from penetration from computer viruses and to limit their spread through intermediate syste...
    Rule High Severity
  • Install Intrusion Detection Software

    The base Red Hat Enterprise Linux 7 platform already includes a sophisticated auditing system that can detect intruder activity, as well as SELinux...
    Rule High Severity
  • Disk Partitioning

    To ensure separation and protection of data, there are top-level system directories which should be placed on their own physical partition or logic...
    Group
  • Encrypt Partitions

    Red Hat Enterprise Linux 7 natively supports partition encryption through the Linux Unified Key Setup-on-disk-format (LUKS) technology. The easiest...
    Rule High Severity
  • Ensure /home Located On Separate Partition

    If user home directories will be stored locally, create a separate partition for /home at installation time (or migrate it later using...
    Rule Low Severity
  • Ensure /tmp Located On Separate Partition

    The /tmp directory is a world-writable directory used for temporary file storage. Ensure it has its own partition or logical volume at...
    Rule Low Severity
  • Ensure /var Located On Separate Partition

    The /var directory is used by daemons and other system services to store frequently-changing data. Ensure that /var has i...
    Rule Low Severity