CCE-90947-3
Ensure gpgcheck Enabled In Main Yum Configuration
The 'gpgcheck' option controls whether RPM packages' signatures are always checked prior to installation. To configure yum to check package signatures before installing them, ensure the following line appears in '/etc/yum.conf' in the '[main]' secti ...

CCE-90922-6
Ensure SELinux State is Enforcing
The SELinux state should be set to 'enforcing' at system boot time. In the file '/etc/selinux/config', add or correct the following line to configure the system to boot into enforcing mode: 'SELINUX=enforcing'

CCE-90948-1
Set Password Minimum Age
To specify password minimum age for new accounts, edit the file '/etc/login.defs' and add or correct the following line, replacing

CCE-90921-8
Verify User Who Owns shadow File
To properly set the owner of '/etc/shadow', run the command:

CCE-90926-7
Verify Group Who Owns gshadow File
To properly set the group owner of '/etc/gshadow', run the command:

CCE-90643-8
Record attempts to alter time through adjtimex
If the 'auditd' daemon is configured to use the 'augenrules' program to read audit rules during daemon startup (the default), add the following line to a file with suffix '.rules' in the directory '/etc/audit/rules.d': '-a always,exit -F arch=b32 -S ad ...

CCE-90952-3
Verify Group Who Owns group File
To properly set the group owner of '/etc/group', run the command:

CCE-90955-6
Use Only Approved Ciphers
Limit the ciphers to those algorithms which are FIPS-approved. Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode. The following line in '/etc/ssh/sshd_config' demonstrates use of FIPS-approved ciphers: 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes1 ...

CCE-90933-3
Verify Permissions on passwd File
To properly set the permissions of '/etc/passwd', run the command:

CCE-90930-9
Disable Host-Based Authentication
SSH's cryptographic host-based authentication is more secure than '.rhosts' authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization. To disable host-based authentication, add or correct the following li ...

CCE-90958-0
Set SSH Client Alive Count
To ensure the SSH idle timeout occurs precisely when the 'ClientAliveCountMax' is set, edit '/etc/ssh/sshd_config' as follows: 'ClientAliveCountMax 0'

CCE-90789-9
Disable Mounting of freevxfs
To configure the system to prevent the 'freevxfs' kernel module from being loaded, add the following line to a file in the directory '/etc/modprobe.d':

CCE-90742-8
Enable Postfix Service
The Postfix mail transfer agent is used for local mail delivery within the system. The default configuration only listens for connections to the default SMTP port (port 25) on the loopback interface (127.0.0.1). It is recommended to leave this service enabled for local mail ...

CCE-90937-4
Verify User Who Owns group File
To properly set the owner of '/etc/group', run the command:

CCE-90978-8
Verify User Who Owns gshadow File
To properly set the owner of '/etc/gshadow', run the command:

CCE-90620-6
Enable rsyslog Service
The 'rsyslog' service provides syslog-style logging by default on RHEL 7. The 'rsyslog' service can be enabled with the following command: '$ sudo systemctl enable rsyslog'

CCE-90917-6
Verify Group Who Owns passwd File
To properly set the group owner of '/etc/passwd', run the command:

CCE-90877-2
Disable Ctrl-Alt-Del Reboot Activation
By default, the system includes the following line in '/etc/init/control-alt-delete.conf' to reboot the system when the Ctrl-Alt-Del key sequence is pressed: 'exec /sbin/shutdown -r now "Control-Alt-Delete pressed"' To configure the system to log a message in ...

CCE-90800-4
Disable Mounting of jffs2
To configure the system to prevent the 'jffs2' kernel module from being loaded, add the following line to a file in the directory '/etc/modprobe.d':

CCE-90828-5
Set Password Maximum Age
To specify password maximum age for new accounts, edit the file '/etc/login.defs' and add or correct the following line, replacing

CCE-90778-2
Disable Mounting of cramfs
To configure the system to prevent the 'cramfs' kernel module from being loaded, add the following line to a file in the directory '/etc/modprobe.d':

CCE-90967-1
Set Password Minimum Length in login.defs
To specify password length requirements for new accounts, edit the file '/etc/login.defs' and add or correct the following lines: 'PASS_MIN_LEN 14

CPE    1
cpe:/o:redhat:enterprise_linux:7
*XCCDF
xccdf_org.secpod_benchmark_SecPod_RHEL_7
OVAL    22
oval:org.secpod.oval:def:30582
oval:org.secpod.oval:def:30484
oval:org.secpod.oval:def:30463
oval:org.secpod.oval:def:30578
...

© SecPod Technologies