Skip to content
ATO Pathways
  Log In

Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)

Rules and Groups employed by this XCCDF Profile

  • Verify All Account Password Hashes are Shadowed

    If any password hashes are stored in <code>/etc/passwd</code> (in the second field, instead of an <code>x</code> or <code>*</code>), the cause of t...
    Rule Medium Severity
    Show

  • Prevent Login to Accounts With Empty Password

    If an account is configured for password authentication but does not have an assigned password, it may be possible to log into the account without ...
    Rule High Severity
    Show

  • Restrict Root Logins

    Direct root logins should be allowed only for emergency use. In normal situations, the administrator should access the system via a unique unprivil...
    Group
    Show

  • Verify Only Root Has UID 0

    If any account other than root has a UID of 0, this misconfiguration should be investigated and the accounts other than root should be removed or h...
    Rule High Severity
    Show

  • Ensure that System Accounts Do Not Run a Shell Upon Login

    Some accounts are not associated with a human user of the system, and exist to perform some administrative functions. Should an attacker be able to...
    Rule Medium Severity
    Show

  • System Accounting with auditd

    The audit service provides substantial capabilities for recording system activities. By default, the service audits about SELinux AVC denials and c...
    Group
    Show

  • Configure auditd Rules for Comprehensive Auditing

    The <code>auditd</code> program can perform comprehensive monitoring of system activity. This section describes recommended configuration settings ...
    Group
    Show

  • System Audit Logs Must Have Mode 0640 or Less Permissive

    Determine where the audit logs are stored with the following command: <pre>$ sudo grep -iw log_file /etc/audit/auditd.conf log_file = /var/log/aud...
    Rule Medium Severity
    Show

  • GRUB2 bootloader configuration

    During the boot process, the boot loader is responsible for starting the execution of the kernel and passing options to it. The boot loader allows ...
    Group
    Show

  • Non-UEFI GRUB2 bootloader configuration

    Non-UEFI GRUB2 bootloader configuration
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules