C2S for Red Hat Enterprise Linux 7
Rules and Groups employed by this XCCDF Profile
-
Network Time Protocol
The Network Time Protocol is used to manage the system clock over a network. Computer clocks are not very accurate, so time will drift unpredictably on unmanaged systems. Central time protocols can...Group -
Enable the NTP Daemon
Run the following command to determine the current status of the <code>chronyd</code> service: <pre>$ sudo systemctl is-active chronyd</pre> If the service is running, it should return the follow...Rule Medium Severity -
Obsolete Services
This section discusses a number of network-visible services which have historically caused problems for system security, and for which disabling or severely limiting the service has been the best a...Group -
Xinetd
The <code>xinetd</code> service acts as a dedicated listener for some network services (mostly, obsolete ones) and can be used to provide access controls and perform some logging. It has been large...Group -
Install tcp_wrappers Package
When network services are using the <code>xinetd</code> service, the <code>tcp_wrappers</code> package should be installed. The <code>tcp_wrappers</code> package can be installed with the following...Rule Medium Severity -
Disable xinetd Service
Thexinetdservice can be disabled with the following command:$ sudo systemctl mask --now xinetd.service
Rule Medium Severity -
NIS
The Network Information Service (NIS), also known as 'Yellow Pages' (YP), and its successor NIS+ have been made obsolete by Kerberos, LDAP, and other modern centralized authentication services. NIS...Group -
Remove NIS Client
The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server directory service protocol used to distribute system configuration files. The NIS client (<code>ypbind</cod...Rule Unknown Severity -
Uninstall ypserv Package
Theypservpackage can be removed with the following command:$ sudo yum erase ypserv
Rule High Severity -
Rlogin, Rsh, and Rexec
The Berkeley r-commands are legacy services which allow cleartext remote access and have an insecure trust model.Group -
Uninstall rsh Package
Thershpackage contains the client commands for the rsh servicesRule Unknown Severity -
Disable rexec Service
The <code>rexec</code> service, which is available with the <code>rsh-server</code> package and runs as a service through xinetd or separately as a systemd socket, should be disabled. If using xine...Rule High Severity -
Disable rlogin Service
The <code>rlogin</code> service, which is available with the <code>rsh-server</code> package and runs as a service through xinetd or separately as a systemd socket, should be disabled. If using xin...Rule High Severity -
Disable rsh Service
The <code>rsh</code> service, which is available with the <code>rsh-server</code> package and runs as a service through xinetd or separately as a systemd socket, should be disabled. If using xinetd...Rule High Severity -
Remove Rsh Trust Files
The files <code>/etc/hosts.equiv</code> and <code>~/.rhosts</code> (in each user's home directory) list remote hosts and users that are trusted by the local system when using the rshd daemon. To re...Rule High Severity -
Chat/Messaging Services
The talk software makes it possible for users to send and receive messages across systems through a terminal session.Group -
Uninstall talk-server Package
Thetalk-serverpackage can be removed with the following command:$ sudo yum erase talk-server
Rule Medium Severity -
Uninstall talk Package
The <code>talk</code> package contains the client program for the Internet talk protocol, which allows the user to chat with other users on different systems. Talk is a communication program which ...Rule Medium Severity -
Telnet
The telnet protocol does not provide confidentiality or integrity for information transmitted on the network. This includes authentication information such as passwords. Organizations which use tel...Group -
Remove telnet Clients
The telnet client allows users to start connections to other systems via the telnet protocol.Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules