III - Administrative Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000114-GPOS-00059
<GroupDescription></GroupDescription>Group -
The Red Hat Enterprise Linux operating system must disable the graphical user interface automounter unless required.
<VulnDiscussion>Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity. S...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Red Hat Enterprise Linux operating system must be configured so that all world-writable directories are owned by root, sys, bin, or an application user.
<VulnDiscussion>If a world-writable directory is not owned by root, sys, bin, or an application User Identifier (UID), unauthorized users may...Rule Medium Severity -
SRG-OS-000057-GPOS-00027
<GroupDescription></GroupDescription>Group -
The Red Hat Enterprise Linux operating system must protect audit information from unauthorized read, modification, or deletion.
<VulnDiscussion>If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malic...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Red Hat Enterprise Linux operating system SSH daemon must prevent remote hosts from connecting to the proxy display.
<VulnDiscussion>When X11 forwarding is enabled, there may be additional exposure to the server and client displays if the sshd proxy display ...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Red Hat Enterprise Linux operating system must restrict privilege elevation to authorized personnel.
<VulnDiscussion>The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their pa...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Red Hat Enterprise Linux operating system must use the invoking user's password for privilege escalation when using "sudo".
<VulnDiscussion>The sudoers security policy requires that users authenticate themselves before they can use sudo. When sudoers requires authe...Rule Medium Severity -
SRG-OS-000373-GPOS-00156
<GroupDescription></GroupDescription>Group -
The Red Hat Enterprise Linux operating system must require re-authentication when using the "sudo" command.
<VulnDiscussion>Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When opera...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
<GroupDescription></GroupDescription>Group -
Red Hat Enterprise Linux operating systems version 7.2 or newer booted with a BIOS must have a unique name for the grub superusers account when booting into single-user and maintenance modes.
<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes ...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
<GroupDescription></GroupDescription>Group -
Red Hat Enterprise Linux operating systems version 7.2 or newer booted with United Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance.
<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes ...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
The Red Hat Enterprise Linux operating system must confine SELinux users to roles that conform to least privilege.
<VulnDiscussion>Preventing nonprivileged users from executing privileged functions mitigates the risk that unauthorized individuals or proces...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.