[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*


CCE-95488-3
Description: Once the rsyslog package is installed it needs to be activated. Rationale: If the rsyslog service is not activated the system may default to the syslogd service or lack logging instead. Audit: Run the following command to verify rsyslog is enabled: # systemctl is-enabled rsyslog en ...

CCE-90947-3
The 'gpgcheck' option controls whether RPM packages' signatures are always checked prior to installation. To configure yum to check package signatures before installing them, ensure the following line appears in '/etc/yum.conf' in the '[main]' section: 'gpgcheck=1'

CCE-90922-6
The SELinux state should be set to 'enforcing' at system boot time. In the file '/etc/selinux/config', add or correct the following line to configure the system to boot into enforcing mode: 'SELINUX=enforcing'

CCE-90921-8
To properly set the owner of '/etc/shadow', run the command:

CCE-90926-7
To properly set the group owner of '/etc/gshadow', run the command:

CCE-90643-8
If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a always,exit -F arch=b32 -S adjtimex -k audit_time_rules' If the system is 64 ...

CCE-90952-3
To properly set the group owner of '/etc/group', run the command:

CCE-90933-3
To properly set the permissions of '/etc/passwd', run the command:

CCE-90955-6
Limit the ciphers to those algorithms which are FIPS-approved. Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode. The following line in '/etc/ssh/sshd_config' demonstrates use of FIPS-approved ciphers: 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc, ...

CCE-90789-9
To configure the system to prevent the 'freevxfs' kernel module from being loaded, add the following line to a file in the directory '/etc/modprobe.d':

CCE-90958-0
To ensure the SSH idle timeout occurs precisely when the 'ClientAliveCountMax' is set, edit '/etc/ssh/sshd_config' as follows: 'ClientAliveCountMax 0'

CCE-90930-9
SSH's cryptographic host-based authentication is more secure than '.rhosts' authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization. To disable host-based authentication, add or correct the following line in '/etc/ssh/sshd_config': 'Host ...

CCE-90937-4
To properly set the owner of '/etc/group', run the command:

CCE-90978-8
To properly set the owner of '/etc/gshadow', run the command:

CCE-90917-6
To properly set the group owner of '/etc/passwd', run the command:

CCE-90800-4
To configure the system to prevent the 'jffs2' kernel module from being loaded, add the following line to a file in the directory '/etc/modprobe.d':

CCE-90778-2
To configure the system to prevent the 'cramfs' kernel module from being loaded, add the following line to a file in the directory '/etc/modprobe.d':

CCE-90967-1
To specify password length requirements for new accounts, edit the file '/etc/login.defs' and add or correct the following lines: 'PASS_MIN_LEN 14

CCE-90948-1
The PASS_MIN_DAYS parameter in /etc/login.defs allows an administrator to prevent users from changing their password until a minimum number of days have passed since the last time the user changed their password. It is recommended that PASS_MIN_DAYS parameter be set to 7 or more days. Rationale: By ...

CCE-90828-5
The PASS_MAX_DAYS parameter in /etc/login.defs allows an administrator to force passwords to expire once they reach a defined age. It is recommended that the PASS_MAX_DAYS parameter be set to less than or equal to 60 days. Rationale: The window of opportunity for an attacker to leverage compromised ...

CPE    1
cpe:/o:redhat:enterprise_linux:7
*XCCDF
xccdf_org.secpod_benchmark_SecPod_RHEL_7
OVAL    20
oval:org.secpod.oval:def:30592
oval:org.secpod.oval:def:30577
oval:org.secpod.oval:def:30612
oval:org.secpod.oval:def:30334
...

© SecPod Technologies