Health Insurance Portability and Accountability Act (HIPAA)
Rules and Groups employed by this XCCDF Profile
-
Ensure gpgcheck Enabled for All dnf Package Repositories
To ensure signature checking is not disabled for any repos, remove any lines from files in/etc/yum.repos.dof the form:gpgcheck=0
Rule High Severity -
Ensure Red Hat GPG Key Installed
To ensure the system can cryptographically verify base software packages come from Red Hat (and to connect to the Red Hat Network to receive them), the Red Hat GPG key must properly be installed. T...Rule High Severity -
Account and Access Control
In traditional Unix security, if an attacker gains shell access to a certain login account, they can perform any action or access any file to which that account has access. Therefore, making it mor...Group -
Enable authselect
Configure user authentication setup to use the <code>authselect</code> tool. If authselect profile is selected, the rule will enable the <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var...Rule Medium Severity -
Protect Physical Console Access
It is impossible to fully protect a system from an attacker with physical access, so securing the space in which the system is located should be considered a necessary step. However, there are some...Group -
Disable debug-shell SystemD Service
SystemD's <code>debug-shell</code> service is intended to diagnose SystemD related boot issues with various <code>systemctl</code> commands. Once enabled and following a system reboot, the root she...Rule Medium Severity -
Disable Ctrl-Alt-Del Burst Action
By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code> key sequence is pressed Ctrl-Alt-Delete more than 7 times in 2 seconds. <br> <br> To configu...Rule High Severity -
Disable Ctrl-Alt-Del Reboot Activation
By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code> key sequence is pressed. <br> <br> To configure the system to ignore the <code>Ctrl-Alt-Del<...Rule High Severity -
Verify that Interactive Boot is Disabled
Red Hat Enterprise Linux 9 systems support an "interactive boot" option that can be used to prevent services from being started. On a Red Hat Enterprise Linux 9 system, interactive boot can be enab...Rule Medium Severity -
Require Authentication for Single User Mode
Single-user mode is intended as a system recovery method, providing a single user root access to the system by providing a boot option at startup. <br> <br> By default, single-user ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules