
Ce contenu n'est pas disponible dans la langue sélectionnée.

Appendix F. Securing Red Hat Virtualization

download PDF

This information is specific to Red Hat Virtualization. It does not cover fundamental security practices related to any of the following:

  • Disabling unnecessary services
  • Authentication
  • Authorization
  • Accounting
  • Penetration testing and hardening of non-RHV services
  • Encryption of sensitive application data


  • You should be proficient in your organization’s security standards and practices. If possible, consult with your organization’s Security Officer.
  • Consult the Red Hat Enterprise Linux Security hardening before deploying RHEL hosts.

F.1. Applying the DISA STIG profile in RHEL based hosts and the standalone Manager

When installing RHV, you can select the DISA STIG profile with the UI installer, which is the profile provided by RHEL 8.


The DISA STIG profile is not supported for Red Hat Virtualization Host (RHVH).


  1. In the Installation Summary screen, select Security Policy.
  2. In the Security Policy screen, set the Apply security policy to On.
  3. Select DISA STIG for Red Hat Enterprise Linux 8.
  4. Click Select profile. This action adds a green checkmark next to the profile and adds packages to the list of Changes that were done or need to be done. Follow the onscreen instructions if they direct you to make any changes.
  5. Click Done.
  6. On the Installation Summary screen, verify that the status of Security Policy is Everything okay.
  7. Reboot the host.

F.1.1. Enabling DISA STIG in a self-hosted engine

You can enable DISA STIG in a self-hosted engine during deployment when using the command-line.


  1. Start the self-hosted engine deployment script. See Installing Red Hat Virtualization as a self-hosted engine using the command line.
  2. When the deployment script prompts Do you want to apply an OpenSCAP security profile?, enter Yes.
  3. When the deployment script prompts Please provide the security profile you would like to use?, enter stig.

F.2. Applying the PCI-DSS profile in RHV hosts and the standalone Manager

When installing RHVH, you can select the PCI-DSS profile with the UI installer, which is the profile provided by RHEL 8.


  1. In the Installation Summary screen, select Security Policy.
  2. In the Security Policy screen, set the Apply security policy to On.
  3. Select PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 8.
  4. Click Select profile. This action adds a green checkmark next to the profile and adds packages to the list of Changes that were done or need to be done. Follow the onscreen instructions if they direct you to make any changes.
  5. Click Done.
  6. In the Installation Summary screen, verify that the status of Security Policy is Everything okay.
  7. Reboot the host.

F.2.1. Enabling PCI-DSS in a self-hosted engine

You can enable PCI-DSS in a self-hosted engine during deployment when using the command-line.


  1. Start the self-hosted engine deployment script. See Installing Red Hat Virtualization as a self-hosted engine using the command line.
  2. When the deployment script prompts Do you want to apply an OpenSCAP security profile?, enter Yes.
  3. When the deployment script prompts Please provide the security profile you would like to use?, enter pci-dss.
Red Hat logoGithubRedditYoutubeTwitter


Essayez, achetez et vendez


À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez leBlog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

© 2024 Red Hat, Inc.