Skip to content
Log In

Centro Criptológico Nacional (CCN) - STIC for Red Hat Enterprise Linux 9 - Advanced

Rules and Groups employed by this XCCDF Profile

  • Disable Mounting of udf

    To configure the system to prevent the <code>udf</code> kernel module from being loaded, add the following line to the file <code>/etc/modprobe.d/udf.conf</code>: <pre>install udf /bin/false</pre>...
    Rule Low Severity
    Show

  • Disable Modprobe Loading of USB Storage Driver

    To prevent USB storage devices from being used, configure the kernel module loading system to prevent automatic loading of the USB storage driver. To configure the system to prevent the <code>usb-...
    Rule Medium Severity
    Show

  • Restrict Programs from Dangerous Execution Patterns

    The recommendations in this section are designed to ensure that the system's features to protect against potentially dangerous program execution are activated. These protections are applied at the ...
    Group
    Show

  • Disable Core Dumps

    A core dump file is the memory image of an executable program when it was terminated by the operating system due to errant behavior. In most cases, only software developers legitimately need to acc...
    Group
    Show

  • Disable Core Dumps for SUID programs

    To set the runtime status of the <code>fs.suid_dumpable</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w fs.suid_dumpable=0</pre> To make sure that the setting is persisten...
    Rule Medium Severity
    Show

  • SELinux

    SELinux is a feature of the Linux kernel which can be used to guard against misconfigured or compromised programs. SELinux enforces the idea that programs should be limited in what files they can a...
    Group
    Show

  • Install libselinux Package

    The libselinux package can be installed with the following command: 
    $ sudo dnf install libselinux
    Rule High Severity
    Show

  • Ensure SELinux Not Disabled in /etc/default/grub

    SELinux can be disabled at boot time by an argument in <code>/etc/default/grub</code>. Remove any instances of <code>selinux=0</code> from the kernel arguments in that file to prevent SELinux from ...
    Rule Medium Severity
    Show

  • Configure SELinux Policy

    The SELinux <code>targeted</code> policy is appropriate for general-purpose desktops and servers, as well as systems in many other roles. To configure the system to use this policy, add or correct ...
    Rule Medium Severity
    Show

  • Ensure SELinux State is Enforcing

    The SELinux state should be set to <code><xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_selinux_state" use="legacy"></xccdf-1.2:sub></code> at system boot time. In the file <code>/et...
    Rule High Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules