May 19, 2023 Functional Update- OL08-00-020220 - OL 8 must be configured in the password-auth file to prohibit password reuse for a minimum of five generations.
- OL08-00-020221 - OL 8 must be configured in the system-auth file to prohibit password reuse for a minimum of five generations.
|
May 16, 2023 Miscellaneous- Audit deprecated.
- Metadata updated.
- References updated.
|
Apr 12, 2023 Functional Update- OL08-00-010110 - OL 8 must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.
- OL08-00-010130 - The OL 8 shadow password suite must be configured to use a sufficient number of hashing rounds.
- OL08-00-010291 - The OL 8 SSH server must be configured to use only ciphers employing FIPS 140-2 validated cryptographic algorithms.
- OL08-00-010571 - OL 8 must prevent files with the setuid and setgid bit set from being executed on the /boot directory.
- OL08-00-010760 - All OL 8 local interactive user accounts must be assigned a home directory upon creation.
- OL08-00-020190 - OL 8 passwords for new users or password changes must have a 24 hours/1 day minimum password lifetime restriction in '/etc/login.defs'.
- OL08-00-020200 - OL 8 user account passwords must have a 60-day maximum password lifetime restriction.
- OL08-00-020231 - OL 8 passwords for new users must have a minimum of 15 characters.
- OL08-00-020310 - OL 8 must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.
- OL08-00-020351 - OL 8 default permissions must be defined in such a way that all authenticated users can read and modify only their own files.
Miscellaneous- Metadata updated.
- Platform check updated.
- Variables updated.
|
Mar 27, 2023 Functional Update- OL08-00-010400 - OL 8 must implement certificate status checking for multifactor authentication.
- OL08-00-010430 - OL 8 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution - conf files
- OL08-00-020025 - OL 8 must configure the use of the pam_faillock.so module in the /etc/pam.d/system-auth file.
- OL08-00-020026 - OL 8 must configure the use of the pam_faillock.so module in the /etc/pam.d/password-auth file.
- OL08-00-040281 - OL 8 must disable access to the network 'bpf' syscall from unprivileged processes - conf files
- OL08-00-040282 - OL 8 must restrict the use of 'ptrace' to descendant processes - conf files
- OL08-00-040283 - OL 8 must restrict exposed kernel pointer addresses access - conf files
- OL08-00-040285 - OL 8 must use reverse path filtering on all IPv4 interfaces - conf files
|
Mar 21, 2023 Functional Update- OL08-00-040284 - OL 8 must disable the use of user namespaces - conf files
|
Mar 7, 2023 Miscellaneous- Metadata updated.
- References updated.
|
Feb 7, 2023 Functional Update- OL08-00-010590 - OL 8 file systems that contain user home directories must not execute binary files.
- OL08-00-020028 - OL 8 systems below version 8.2 must configure SELinux context type to allow the use of a non-default faillock tally directory.
|