DISA_STIG_Oracle_Linux_8_v1r8.audit from DISA Oracle Linux 8 v1r8 STIG

OL08-00-010000 - OL 8 must be a vendor-supported release.

CAT|I

CCI|CCI-000366

Rule-ID|SV-248521r779129_rule

STIG-ID|OL08-00-010000

Vuln-ID|V-248521

OL08-00-010001 - The OL 8 operating system must implement the Endpoint Security for Linux Threat Prevention tool.

CAT|II

CCI|CCI-001233

Rule-ID|SV-248522r779132_rule

STIG-ID|OL08-00-010001

Vuln-ID|V-248522

OL08-00-010010 - OL 8 vendor-packaged system security patches and updates must be installed and up to date.

Rule-ID|SV-248523r779135_rule

STIG-ID|OL08-00-010010

Vuln-ID|V-248523

OL08-00-010019 - OL 8 must ensure cryptographic verification of vendor software packages.

CCI|CCI-001749

Rule-ID|SV-256978r902784_rule

STIG-ID|OL08-00-010019

Vuln-ID|V-256978

OL08-00-010020 - OL 8 must implement NIST FIPS-validated cryptography for the following: To provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

CCI|CCI-000068

CCI|CCI-000877

CCI|CCI-001453

CCI|CCI-002418

CCI|CCI-002890

CCI|CCI-003123

Rule-ID|SV-248524r928551_rule

STIG-ID|OL08-00-010020

Vuln-ID|V-248524

OL08-00-010030 - All OL 8 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.

CCI|CCI-001199

CCI|CCI-002475

CCI|CCI-002476

Rule-ID|SV-248525r917893_rule

STIG-ID|OL08-00-010030

Vuln-ID|V-248525

OL08-00-010040 - OL 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via an SSH logon.

CCI|CCI-000048

CCI|CCI-001384

CCI|CCI-001385

CCI|CCI-001386

CCI|CCI-001387

CCI|CCI-001388

Rule-ID|SV-248526r858561_rule

STIG-ID|OL08-00-010040

Vuln-ID|V-248526

OL08-00-010049 - OL 8 must display a banner before granting local or remote access to the system via a graphical user logon.

Rule-ID|SV-248527r779147_rule

STIG-ID|OL08-00-010049

Vuln-ID|V-248527

OL08-00-010050 - OL 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.

Rule-ID|SV-248528r779150_rule

STIG-ID|OL08-00-010050

Vuln-ID|V-248528

OL08-00-010060 - OL 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.

Rule-ID|SV-248529r779153_rule

STIG-ID|OL08-00-010060

Vuln-ID|V-248529

OL08-00-010070 - All OL 8 remote access methods must be monitored.

CCI|CCI-000067

Rule-ID|SV-248530r779156_rule

STIG-ID|OL08-00-010070

Vuln-ID|V-248530

OL08-00-010090 - OL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor - which includes status information to an accepted trust anchor.

CCI|CCI-000185

CCI|CCI-001991

Rule-ID|SV-248531r860907_rule

STIG-ID|OL08-00-010090

Vuln-ID|V-248531

OL08-00-010100 - OL 8, for certificate-based authentication, must enforce authorized access to the corresponding private key.

CCI|CCI-000186

Rule-ID|SV-248532r779162_rule

STIG-ID|OL08-00-010100

Vuln-ID|V-248532

OL08-00-010110 - OL 8 must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.

CCI|CCI-000196

Rule-ID|SV-248533r877397_rule

STIG-ID|OL08-00-010110

Vuln-ID|V-248533

OL08-00-010120 - OL 8 must employ FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords.

Rule-ID|SV-248534r877397_rule

STIG-ID|OL08-00-010120

Vuln-ID|V-248534

OL08-00-010121 - The OL 8 operating system must not have accounts configured with blank or null passwords.

Rule-ID|SV-252650r818746_rule

STIG-ID|OL08-00-010121

Vuln-ID|V-252650

OL08-00-010130 - The OL 8 shadow password suite must be configured to use a sufficient number of hashing rounds.

Rule-ID|SV-248535r880546_rule

STIG-ID|OL08-00-010130

Vuln-ID|V-248535

OL08-00-010140 - OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance - UEFI must require authentication upon booting into single-user mode and maintenance

CCI|CCI-000213

Rule-ID|SV-248537r779177_rule

STIG-ID|OL08-00-010140

Vuln-ID|V-248537

OL08-00-010141 - OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance - UEFI must require a unique superusers name upon booting into single-user mode and maintenance.

Rule-ID|SV-248538r818603_rule

STIG-ID|OL08-00-010141

Vuln-ID|V-248538

OL08-00-010149 - OL 8 operating systems booted with a BIOS must have a unique name for the grub superusers account when booting into single-user and maintenance modes.

Rule-ID|SV-248539r818605_rule

STIG-ID|OL08-00-010149

Vuln-ID|V-248539

OL08-00-010150 - OL 8 operating systems booted with a BIOS must require authentication upon booting into single-user and maintenance modes.

Rule-ID|SV-248540r779186_rule

STIG-ID|OL08-00-010150

Vuln-ID|V-248540

OL08-00-010151 - OL 8 operating systems must require authentication upon booting into rescue mode.

Rule-ID|SV-248541r779189_rule

STIG-ID|OL08-00-010151

Vuln-ID|V-248541

OL08-00-010152 - OL 8 operating systems must require authentication upon booting into emergency mode.

Rule-ID|SV-248542r779192_rule

STIG-ID|OL08-00-010152

Vuln-ID|V-248542

OL08-00-010159 - The OL 8 'pam_unix.so' module must be configured in the system-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication - pam_unix.so module must be configured in the system-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.

CCI|CCI-000803

Rule-ID|SV-248543r818608_rule

STIG-ID|OL08-00-010159

Vuln-ID|V-248543

OL08-00-010160 - The OL 8 'pam_unix.so' module must be configured in the password-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication - pam_unix.so module must be configured in the password-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.

Rule-ID|SV-248544r818611_rule

STIG-ID|OL08-00-010160

Vuln-ID|V-248544

OL08-00-010161 - OL 8 must prevent system daemons from using Kerberos for authentication.

Rule-ID|SV-248545r779201_rule

STIG-ID|OL08-00-010161

Vuln-ID|V-248545

OL08-00-010162 - The krb5-workstation package must not be installed on OL 8.

Rule-ID|SV-248546r779204_rule

STIG-ID|OL08-00-010162

Vuln-ID|V-248546

OL08-00-010163 - The krb5-server package must not be installed on OL 8.

Rule-ID|SV-248547r779207_rule

STIG-ID|OL08-00-010163

Vuln-ID|V-248547

OL08-00-010170 - OL 8 must use a Linux Security Module configured to enforce limits on system services.

CCI|CCI-001084

Rule-ID|SV-248548r779210_rule

STIG-ID|OL08-00-010170

Vuln-ID|V-248548

OL08-00-010171 - OL 8 must have the 'policycoreutils' package installed - policycoreutils package installed.

CAT|III

Rule-ID|SV-248549r779213_rule

STIG-ID|OL08-00-010171

Vuln-ID|V-248549

OL08-00-010190 - A sticky bit must be set on all OL 8 public directories to prevent unauthorized and unintended information transferred via shared system resources.

CCI|CCI-001090

Rule-ID|SV-248551r779219_rule

STIG-ID|OL08-00-010190

Vuln-ID|V-248551

OL08-00-010200 - OL 8 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.

CCI|CCI-000879

CCI|CCI-001133

CCI|CCI-002361

Rule-ID|SV-248552r917896_rule

STIG-ID|OL08-00-010200

Vuln-ID|V-248552

OL08-00-010201 - OL 8 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.

Rule-ID|SV-248553r917899_rule

STIG-ID|OL08-00-010201

Vuln-ID|V-248553

OL08-00-010210 - The OL 8 '/var/log/messages' file must have mode 0640 or less permissive - /var/log/messages file must have mode 0640 or less permissive.

CCI|CCI-001314

Rule-ID|SV-248554r779228_rule

STIG-ID|OL08-00-010210

Vuln-ID|V-248554

OL08-00-010220 - The OL 8 '/var/log/messages' file must be owned by root - /var/log/messages file must be owned by root.

Rule-ID|SV-248555r779231_rule

STIG-ID|OL08-00-010220

Vuln-ID|V-248555

OL08-00-010230 - The OL 8 '/var/log/messages' file must be group-owned by root - /var/log/messages file must be group-owned by root.

Rule-ID|SV-248556r779234_rule

STIG-ID|OL08-00-010230

Vuln-ID|V-248556

OL08-00-010240 - The OL 8 '/var/log' directory must have mode 0755 or less permissive - /var/log directory must have mode 0755 or less permissive.

Rule-ID|SV-248557r779237_rule

STIG-ID|OL08-00-010240

Vuln-ID|V-248557

OL08-00-010250 - The OL 8 '/var/log' directory must be owned by root - /var/log directory must be owned by root.

Rule-ID|SV-248558r779240_rule

STIG-ID|OL08-00-010250

Vuln-ID|V-248558

OL08-00-010260 - The OL 8 '/var/log' directory must be group-owned by root - /var/log directory must be group-owned by root.

Rule-ID|SV-248559r779243_rule

STIG-ID|OL08-00-010260

Vuln-ID|V-248559

OL08-00-010287 - The OL 8 SSH daemon must be configured to use system-wide crypto policies.

Rule-ID|SV-248560r877394_rule

STIG-ID|OL08-00-010287

Vuln-ID|V-248560

OL08-00-010290 - The OL 8 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms - MACs employing FIPS 140-2 validated cryptographic hash algorithms

Rule-ID|SV-248561r917902_rule

STIG-ID|OL08-00-010290

Vuln-ID|V-248561

OL08-00-010291 - The OL 8 SSH server must be configured to use only ciphers employing FIPS 140-2 validated cryptographic algorithms.

Detections

Analytics

DISA Oracle Linux 8 STIG v1r8

Warning! Audit Deprecated

Audit Details

Audit Changelog

Revision 1.8

Miscellaneous

Revision 1.7

Functional Update

Revision 1.6

Functional Update

Revision 1.5

Functional Update

Added

Removed

Revision 1.4

Functional Update

Revision 1.3

Functional Update

Revision 1.2

Miscellaneous

Revision 1.1

Functional Update

Miscellaneous