Skip to content

DRAFT - DISA STIG for Red Hat Enterprise Linux 10

Rules and Groups employed by this XCCDF Profile

  • Set Default firewalld Zone for Incoming Packets

    To set the default zone to <code>drop</code> for the built-in default zone which processes incoming IPv4 and IPv6 packets, modify the following line in <code>/etc/firewalld/firewalld.conf</code> to...
    Rule Medium Severity
  • IPSec Support

    Support for Internet Protocol Security (IPsec) is provided with Libreswan.
  • Install libreswan Package

    The libreswan package provides an implementation of IPsec and IKE, which permits the creation of secure tunnels over untrusted networks. The <code>libreswan</code> package can be installed with the...
    Rule Medium Severity
  • Verify Any Configured IPSec Tunnel Connections

    Libreswan provides an implementation of IPsec and IKE, which permits the creation of secure tunnels over untrusted networks. As such, IPsec can be used to circumvent certain network requirements su...
    Rule Medium Severity
  • IPv6

    The system includes support for Internet Protocol version 6. A major and often-mentioned improvement over IPv4 is its enormous increase in the number of available addresses. Another important featu...

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
