RHV hardening based on STIG for Red Hat Enterprise Linux 7
Rules and Groups employed by this XCCDF Profile
-
Install the opensc Package For Multifactor Authentication
Theopenscpackage can be installed with the following command:$ sudo yum install opensc
Rule Medium Severity -
Install the pcsc-lite package
Thepcsc-litepackage can be installed with the following command:$ sudo yum install pcsc-lite
Rule Medium Severity -
Enable the pcscd Service
Thepcscdservice can be enabled with the following command:$ sudo systemctl enable pcscd.service
Rule Medium Severity -
Configure opensc Smart Card Drivers
The OpenSC smart card tool can auto-detect smart card drivers; however, setting the smart card drivers in use by your organization helps to prevent users from using unauthorized smart cards. The de...Rule Medium Severity -
Configure NSS DB To Use opensc
The <code>opensc</code> module should be configured for use over the <code>Coolkey PKCS#11</code> module in the NSS database. To configure the NSS database to use the <code>opensc</code> module, ru...Rule Medium Severity -
Force opensc To Use Defined Smart Card Driver
The OpenSC smart card middleware can auto-detect smart card drivers; however by forcing the smart card driver in use by your organization, opensc will no longer autodetect or use other drivers unle...Rule Medium Severity -
Protect Accounts by Restricting Password-Based Login
Conventionally, Unix shell accounts are accessed by providing a username and password to a login program, which tests these values for correctness using the <code>/etc/passwd</code> and <code>/etc/...Group -
Set Account Expiration Parameters
Accounts can be configured to be automatically disabled after a certain time period, meaning that they will require administrator interaction to become usable again. Expiration of accounts after in...Group -
Set Account Expiration Following Inactivity
To specify the number of days after a password expires (which signifies inactivity) until an account is permanently disabled, add or correct the following line in <code>/etc/default/useradd</code>:...Rule Medium Severity -
Set Password Expiration Parameters
The file <code>/etc/login.defs</code> controls several password-related settings. Programs such as <code>passwd</code>, <code>su</code>, and <code>login</code> consult <code>/etc/login.defs</code> ...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules