DISA Oracle Linux 7 STIG v2r9

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA Oracle Linux 7 STIG v2r9

Updated: 5/19/2023

Authority: Operating Systems and Applications

Plugin: Unix

Revision: 1.9

Estimated Item Count: 326

Audit Changelog

 
Revision 1.9

May 19, 2023

Functional Update
  • OL07-00-020111 - The Oracle Linux operating system must disable the graphical user interface automounter unless required - autorun-never
  • OL07-00-020111 - The Oracle Linux operating system must disable the graphical user interface automounter unless required - locks automount
  • OL07-00-020111 - The Oracle Linux operating system must disable the graphical user interface automounter unless required - locks automount-open
  • OL07-00-020111 - The Oracle Linux operating system must disable the graphical user interface automounter unless required - locks autorun-never
  • OL07-00-040160 - The Oracle Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements.

Revision 1.8

May 16, 2023

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.

Revision 1.7

May 2, 2023

Functional Update
  • OL07-00-010260 - The Oracle Linux operating system must be configured so that existing passwords are restricted to a 60-day maximum lifetime.
  • OL07-00-040160 - The Oracle Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements.

Revision 1.6

Apr 12, 2023

Functional Update
  • OL07-00-010120 - The Oracle Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one upper-case character.
  • OL07-00-010130 - The Oracle Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one lower-case character.
  • OL07-00-010140 - The Oracle Linux operating system must be configured so that when passwords are changed or new passwords are assigned, the new password must contain at least one numeric character.
  • OL07-00-010150 - The Oracle Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one special character.
  • OL07-00-010160 - The Oracle Linux operating system must be configured so that when passwords are changed a minimum of eight of the total number of characters must be changed.
  • OL07-00-010170 - The Oracle Linux operating system must be configured so that when passwords are changed a minimum of four character classes must be changed.
  • OL07-00-010180 - The Oracle Linux operating system must be configured so that when passwords are changed the number of repeating consecutive characters must not be more than three characters.
  • OL07-00-010190 - The Oracle Linux operating system must be configured so that when passwords are changed the number of repeating characters of the same character class must not be more than four characters.
  • OL07-00-010210 - The Oracle Linux operating system must be configured to use the shadow file to store only encrypted representations of passwords.
  • OL07-00-010230 - The Oracle Linux operating system must be configured so that passwords for new users are restricted to a 24 hours/1 day minimum lifetime.
  • OL07-00-010250 - The Oracle Linux operating system must be configured so that passwords for new users are restricted to a 60-day maximum lifetime.
  • OL07-00-010280 - The Oracle Linux operating system must be configured so that passwords are a minimum of 15 characters in length.
  • OL07-00-010430 - The Oracle Linux operating system must be configured so that the delay between logon prompts following a failed console logon attempt is at least four seconds.
  • OL07-00-020240 - The Oracle Linux operating system must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
  • OL07-00-020610 - The Oracle Linux operating system must be configured so that all local interactive user accounts, upon creation, are assigned a home directory.

Miscellaneous
  • Metadata updated.
  • Platform check updated.
  • Variables updated.

Revision 1.5

Apr 3, 2023

Functional Update
  • OL07-00-010483 - Oracle Linux operating systems version 7.2 or newer booted with a BIOS must have a unique name for the grub superusers account when booting into single-user and maintenance modes.
  • OL07-00-020023 - The Oracle Linux operating system must elevate the SELinux context when an administrator calls the sudo command.
  • OL07-00-020111 - The Oracle Linux operating system must disable the graphical user interface automounter unless required - automount
  • OL07-00-020111 - The Oracle Linux operating system must disable the graphical user interface automounter unless required - autorun-never
  • OL07-00-020111 - The Oracle Linux operating system must disable the graphical user interface automounter unless required - locks automount
  • OL07-00-020111 - The Oracle Linux operating system must disable the graphical user interface automounter unless required - locks automount-open
  • OL07-00-020111 - The Oracle Linux operating system must disable the graphical user interface automounter unless required - locks autorun-never
  • OL07-00-020111 - The Oracle Linux operating system must disable the graphical user interface automounter unless required.
  • OL07-00-020630 - The Oracle Linux operating system must be configured so that all local interactive user home directories have mode 0750 or less permissive.
  • OL07-00-021040 - The Oracle Linux operating system must set the umask value to 077 for all local interactive user accounts.
  • OL07-00-030630 - The Oracle Linux operating system must audit all uses of the passwd command.
  • OL07-00-030640 - The Oracle Linux operating system must audit all uses of the unix_chkpwd command.

Revision 1.4

Mar 20, 2023

Functional Update
  • OL07-00-040350 - The Oracle Linux operating system must be configured so that the SSH daemon does not allow authentication using rhosts authentication.

Revision 1.3

Mar 7, 2023

Miscellaneous
  • Metadata updated.
  • References updated.

Revision 1.2

Jan 4, 2023

Functional Update
  • OL07-00-010339 - The Oracle Linux operating system must specify the default 'include' directory for the /etc/sudoers file - sudoers
  • OL07-00-020019 - The Oracle Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool - mcafeetp package
  • OL07-00-020231 - The Oracle Linux operating system must be configured so the x86 Ctrl-Alt-Delete key sequence is disabled in the Graphical User Interface.

Miscellaneous
  • Metadata updated.
  • Variables updated.

Revision 1.1

Dec 7, 2022

Miscellaneous
  • Metadata updated.