CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 - Workstation
Rules and Groups employed by this XCCDF Profile
-
Verify Group Who Owns /etc/shells File
To properly set the group owner of/etc/shells, run the command:$ sudo chgrp root /etc/shells
Rule Medium Severity -
Verify Who Owns /etc/shells File
To properly set the owner of/etc/shells, run the command:$ sudo chown root /etc/shells
Rule Medium Severity -
Verify Permissions on /etc/shells File
To properly set the permissions of/etc/shells, run the command:$ sudo chmod 0644 /etc/shells
Rule Medium Severity -
Use Only Strong Key Exchange algorithms
Limit the Key Exchange to strong algorithms. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of those: <pre>KexAlgorithms <xccdf-1.2:sub idref="xccdf_org.ssgproject.content...Rule Medium Severity -
Use Only Strong MACs
Limit the MACs to strong hash algorithms. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of those MACs: <pre>MACs <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_...Rule Medium Severity -
Ensure the audit-libs package as a part of audit Subsystem is Installed
The audit-libs package should be installed.Rule Medium Severity -
Record Events that Modify the System's Network Environment
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default), add the following line to a file with suffix <cod...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules