DISA Oracle Linux 8 STIG v1r6

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA Oracle Linux 8 STIG v1r6

Updated: 9/19/2023

Authority: DISA STIG

Plugin: Unix

Revision: 1.4

Estimated Item Count: 493

Audit Changelog

 
Revision 1.4

Sep 19, 2023

Functional Update
  • OL08-00-010190 - A sticky bit must be set on all OL 8 public directories to prevent unauthorized and unintended information transferred via shared system resources.
  • OL08-00-010300 - OL 8 system commands must have mode 755 or less permissive.
  • OL08-00-010310 - OL 8 system commands must be owned by root.
  • OL08-00-010320 - OL 8 system commands must be group-owned by root or a system account.
  • OL08-00-010330 - OL 8 library files must have mode 755 or less permissive.
  • OL08-00-010331 - OL 8 library directories must have mode 755 or less permissive.
  • OL08-00-010340 - OL 8 library files must be owned by root.
  • OL08-00-010341 - OL 8 library directories must be owned by root.
  • OL08-00-010350 - OL 8 library files must be group-owned by root.
  • OL08-00-010351 - OL 8 library directories must be group-owned by root or a system account.
  • OL08-00-010460 - There must be no 'shosts.equiv' files on the OL 8 operating system - shosts.equiv files on the OL 8 operating system.
  • OL08-00-010470 - There must be no '.shosts' files on the OL 8 operating system - .shosts files on the OL 8 operating system.
  • OL08-00-010660 - Local OL 8 initialization files must not execute world-writable programs.
  • OL08-00-010700 - All OL 8 world-writable directories must be owned by root, sys, bin, or an application user.
  • OL08-00-010710 - All OL 8 world-writable directories must be group-owned by root, sys, bin, or an application group.
  • OL08-00-010780 - All OL 8 files and directories must have a valid owner.
  • OL08-00-010790 - All OL 8 files and directories must have a valid group owner.
Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
  • Variables updated.

Revision 1.3

Aug 15, 2023

Functional Update
  • OL08-00-020220 - OL 8 must be configured in the password-auth file to prohibit password reuse for a minimum of five generations.
  • OL08-00-020221 - OL 8 must be configured in the system-auth file to prohibit password reuse for a minimum of five generations.
  • OL08-00-020352 - OL 8 must set the umask value to 077 for all local interactive user accounts.

Revision 1.2

May 24, 2023

Functional Update
  • OL08-00-010161 - OL 8 must prevent system daemons from using Kerberos for authentication.
  • OL08-00-010360 - The OL 8 file integrity tool must notify the System Administrator (SA) when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency - grep aide /etc/crontab /var/spool/cron/root
  • OL08-00-010600 - OL 8 file systems must not interpret character or block special devices from untrusted file systems.
  • OL08-00-010610 - OL 8 file systems must not execute binary files on removable media.
  • OL08-00-010620 - OL 8 must prevent files with the setuid and setgid bit set from being executed on file systems that are used with removable media.
  • OL08-00-040001 - OL 8 must not have any automated bug reporting tools installed.
  • OL08-00-040342 - OL 8 SSH server must be configured to use only FIPS-validated key exchange algorithms.

Revision 1.1

May 19, 2023

Functional Update
  • OL08-00-020220 - OL 8 must be configured in the password-auth file to prohibit password reuse for a minimum of five generations.
  • OL08-00-020221 - OL 8 must be configured in the system-auth file to prohibit password reuse for a minimum of five generations.