C2S for Red Hat Enterprise Linux 7
Rules and Groups employed by this XCCDF Profile
-
Disable vsftpd Service
Thevsftpdservice can be disabled with the following command:$ sudo systemctl mask --now vsftpd.service
Rule Medium Severity -
Web Server
The web server is responsible for providing access to content via the HTTP protocol. Web servers represent a significant security risk because: <br...Group -
Disable Apache if Possible
If Apache was installed and activated, but the system does not need to act as a web server, then it should be disabled and removed from the system.Group -
Disable httpd Service
Thehttpdservice can be disabled with the following command:$ sudo systemctl mask --now httpd.service
Rule Unknown Severity -
IMAP and POP3 Server
Dovecot provides IMAP and POP3 services. It is not installed by default. The project page at <a href="http://www.dovecot.org">http://www.dovec...Group -
Disable Dovecot
If the system does not need to operate as an IMAP or POP3 server, the dovecot software should be disabled and removed.Group -
Disable Dovecot Service
Thedovecotservice can be disabled with the following command:$ sudo systemctl mask --now dovecot.service
Rule Unknown Severity -
LDAP
LDAP is a popular directory service, that is, a standardized way of looking up information from a central database. Red Hat Enterprise Linux 7 incl...Group -
Configure OpenLDAP Server
This section details some security-relevant settings for an OpenLDAP server. Installation and configuration of OpenLDAP on Red Hat Enterprise Linu...Group -
Uninstall openldap-servers Package
The openldap-servers package is not installed by default on a Red Hat Enterprise Linux 7 system. It is needed only by the OpenLDAP server, not by t...Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules