Gaia Hardening

This document describes the hardening of the Check Point Gaia operating system.

Components that are not necessary for a network security device, or that could cause security vulnerabilities, were removed.

Check Point Gaia R81.20 is based on Red Hat 7.9 version and the Linux kernel 3.10.0-1160.

The applications removed from the Red Hat operating system include X Windows, Office applications, games, and many other applications that are irrelevant to Firewall operations.

This document describes the remaining packages and modifications to the system.

Important Notes

• RPMs not needed for network security services were removed.

• The RPMs listed in this document refer to Check Point Gaia R81.20 version.

• The list of RPMs does not include Check Point application packages that are installed on the Gaia system. The list only applies to the Gaia operating system hardening.

• Gaia OS is derived from a Red Hat Linux distribution. The source code for these modified packages is available for review, as described in the License.txt file on the Gaia distribution media.

• The hardening of some Gaia components, such as those requiring external network communications, was audited by Check Point staff and by an independent security consulting organization.