DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit

Updated: 7/24/2018

Authority: DISA STIG

Plugin: Unix

Revision: 1.6

Estimated Item Count: 958

File Details

Filename: DISA_STIG_RHEL_5_v1r17.audit

Size: 1.35 MB

MD5: 960beaca6e08c6e4856c4b5a15ec11e3
SHA256: 9686acd7f0c79760a10781f7f59516fc166232319082524e5db6b32bba001d38

Audit Items

Description / Categories
GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/passwd - halt'

ACCESS CONTROL

GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/passwd - reboot'

ACCESS CONTROL

GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/passwd - shutdown'

ACCESS CONTROL

GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/shadow - halt'

ACCESS CONTROL

GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/shadow - reboot'

ACCESS CONTROL

GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/shadow - shutdown'

ACCESS CONTROL

GEN000000-LNX00360 - The X server must have the correct options enabled - '-audit = 4'

AUDIT AND ACCOUNTABILITY

GEN000000-LNX00360 - The X server must have the correct options enabled - '-auth'

ACCESS CONTROL

GEN000000-LNX00360 - The X server must have the correct options enabled - '-s <= 15'

CONFIGURATION MANAGEMENT

GEN000000-LNX00360 - The X server must have the correct options enabled - ':0 /usr/bin/X:0'

ACCESS CONTROL

GEN000000-LNX00380 - An X server must have none of the following options enabled: -ac, -core (except for debugging), or -nolock - '-nolock'

CONFIGURATION MANAGEMENT

GEN000000-LNX00380 - An X server must have none of the following options enabled: -ac, -core (except for debugging), or -nolock - '-ac'

CONFIGURATION MANAGEMENT

GEN000000-LNX00380 - An X server must have none of the following options enabled: -ac, -core (except for debugging), or -nolock - '-core'

CONFIGURATION MANAGEMENT

GEN000000-LNX00400 - The /etc/security/access.conf file must be owned by root.

CONFIGURATION MANAGEMENT

GEN000000-LNX00420 - The /etc/security/access.conf file must have a privileged group owner.

CONFIGURATION MANAGEMENT

GEN000000-LNX00440 - The /etc/security/access.conf file must have mode 0640 or less permissive.

CONFIGURATION MANAGEMENT

GEN000000-LNX00450 - The /etc/security/access.conf file must not have an extended ACL.

ACCESS CONTROL

GEN000000-LNX00480 - The /etc/sysctl.conf file must be owned by root.

CONFIGURATION MANAGEMENT

GEN000000-LNX00500 - The /etc/sysctl.conf file must be group-owned by root.

CONFIGURATION MANAGEMENT

GEN000000-LNX00520 - The /etc/sysctl.conf file must have mode 0600 or less permissive.

CONFIGURATION MANAGEMENT

GEN000000-LNX00530 - The /etc/sysctl.conf file must not have an extended ACL.

ACCESS CONTROL

GEN000000-LNX00560 - The Linux NFS Server must not have the insecure file locking option.

ACCESS CONTROL

GEN000000-LNX00580 - The x86 CTRL-ALT-DELETE key sequence must be disabled.

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

GEN000000-LNX00600 - PAM system must not grant sole access to admin privileges to the first user who logs into the console.

GEN000000-LNX00620 - The /etc/securetty file must be group-owned by root, sys, or bin.

CONFIGURATION MANAGEMENT

GEN000000-LNX00640 - The /etc/securetty file must be owned by root.

CONFIGURATION MANAGEMENT

GEN000000-LNX00660 - The /etc/securetty file must have mode 0640 or less permissive.

CONFIGURATION MANAGEMENT

GEN000000-LNX00720 - Auditing must be enabled at boot by setting a kernel parameter.

AUDIT AND ACCOUNTABILITY

GEN000000-LNX00800 - Use a Linux Security Module configured to limit privileges of system services - 'SELINUXTYPE = targeted or strict'

ACCESS CONTROL

GEN000000-LNX00800 - Use a Linux Security Module configured to limit the privileges of system services - 'SELINUX = enforcing'

ACCESS CONTROL

GEN000000-LNX001431 - The /etc/gshadow file must be owned by root.

IDENTIFICATION AND AUTHENTICATION

GEN000000-LNX001432 - The /etc/gshadow file must be group-owned by root.

IDENTIFICATION AND AUTHENTICATION

GEN000000-LNX001433 - The /etc/gshadow file must have mode 0400.

IDENTIFICATION AND AUTHENTICATION

GEN000000-LNX001434 - The /etc/gshadow file must not have an extended ACL.

ACCESS CONTROL

GEN000000-LNX001476 - The /etc/gshadow file must not contain any group password hashes.

IDENTIFICATION AND AUTHENTICATION

GEN000020 - The system must require authentication upon booting into single-user and maintenance modes.

SYSTEM AND INFORMATION INTEGRITY

GEN000100 - The operating system must be a supported release.

CONFIGURATION MANAGEMENT

GEN000120 - System security patches and updates must be installed and up-to-date.

GEN000140-2 - A file integrity baseline including cryptographic hashes must be created and maintained - '/etc/aide.conf must exist'

SYSTEM AND INFORMATION INTEGRITY

GEN000140-2 - A file integrity baseline including cryptographic hashes must be created and maintained - 'cryptographic hash is used'

SYSTEM AND INFORMATION INTEGRITY

GEN000140-2 - A file integrity baseline including cryptographic hashes must be created and maintained - 'database location'

SYSTEM AND INFORMATION INTEGRITY

GEN000140-3 - A file integrity baseline including cryptographic hashes must be maintained - 'database has been configured'

SYSTEM AND INFORMATION INTEGRITY

GEN000140-3 - A file integrity baseline including cryptographic hashes must be maintained - '/etc/aide.conf exists'

SYSTEM AND INFORMATION INTEGRITY

GEN000220 - A file integrity tool must be used at least weekly to check for unauthorized file changes.

GEN000240 - The system clock must be synchronized to an authoritative DoD time source.

AUDIT AND ACCOUNTABILITY

GEN000241 - The system clock must be synchronized continuously - 'maxpoll 10'

AUDIT AND ACCOUNTABILITY

GEN000241 - The system clock must be synchronized continuously.

GEN000242 - The system must use at least two time sources for clock synchronization - '/etc/ntp.conf'

AUDIT AND ACCOUNTABILITY

GEN000242 - The system must use at least two time sources for clock synchronization - 'cron jobs'

GEN000244 - The system must use time sources that are local to the enclave.

AUDIT AND ACCOUNTABILITY
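As an added example, not part of the Tenable audit file or its check logic, the bash script below reimplements a representative subset of the items listed above so a practitioner can see what each one actually inspects: the special-privilege account check (GEN000000-LNX00320), the owner/group/mode/extended-ACL pattern shared by the access.conf, sysctl.conf, securetty and gshadow items (LNX00400 through LNX00530, LNX00620 through LNX00660, LNX001431 through LNX001434), the SELinux configuration check (GEN000000-LNX00800) and the gshadow group-password check (GEN000000-LNX001476). The function names, the constructed fixture files it writes to a scratch directory and the exact form of each comparison are this example's own assumptions, not the audit file's; it assumes GNU coreutils and bash arithmetic.

```bash
#!/bin/bash
# Added example, not taken from the Tenable audit file: a handful of the
# listed STIG checks rewritten as shell functions that take the file to
# inspect as an argument, so they can be tried on constructed fixtures here
# and pointed at the real /etc files on a host. Assumes GNU coreutils
# (stat -c, ls showing '+' for an extended ACL) and bash arithmetic.

# GEN000000-LNX00320: special-privilege accounts must not exist in passwd/shadow.
# Returns 1 and names each offender if halt, reboot or shutdown is present.
check_special_accounts() {
    local file="$1" found=0 acct
    for acct in halt reboot shutdown; do
        if grep -q "^${acct}:" "$file"; then
            echo "FAIL LNX00320: '$acct' account present in $file"
            found=1
        fi
    done
    return $found
}

# Owner / group / mode / ACL check shared by the access.conf, sysctl.conf,
# securetty and gshadow items (LNX00400-00530, LNX00620-00660, LNX001431-001434).
# Usage: check_file_perms <file> <owner> "<allowed groups>" <max-mode>
# Fails if any permission bit is set that <max-mode> does not have.
check_file_perms() {
    local file="$1" owner="$2" groups="$3" maxmode="$4" rc=0 u g m
    u=$(stat -c %U "$file"); g=$(stat -c %G "$file"); m=$(stat -c %a "$file")
    [ "$u" = "$owner" ] || { echo "FAIL: $file owned by $u, want $owner"; rc=1; }
    case " $groups " in
        *" $g "*) ;;
        *) echo "FAIL: $file group-owned by $g, want one of: $groups"; rc=1 ;;
    esac
    # bits set in the actual mode but clear in max-mode => too permissive
    if [ $(( 8#$m & ~8#$maxmode )) -ne 0 ]; then
        echo "FAIL: $file mode $m is more permissive than $maxmode"; rc=1
    fi
    # GNU ls appends '+' to the permission field when an extended ACL is present
    case "$(ls -ld "$file" | cut -c11)" in
        +) echo "FAIL: $file has an extended ACL"; rc=1 ;;
    esac
    return $rc
}

# GEN000000-LNX00800: SELinux must be enforcing with the targeted or strict policy.
check_selinux_config() {
    local file="$1" mode type rc=0
    mode=$(sed -n 's/^SELINUX=\(.*\)$/\1/p' "$file")
    type=$(sed -n 's/^SELINUXTYPE=\(.*\)$/\1/p' "$file")
    [ "$mode" = "enforcing" ] || { echo "FAIL LNX00800: SELINUX=$mode"; rc=1; }
    case "$type" in
        targeted|strict) ;;
        *) echo "FAIL LNX00800: SELINUXTYPE=$type"; rc=1 ;;
    esac
    return $rc
}

# GEN000000-LNX001476: no group password hashes; field 2 must be empty, '!' or '*'.
check_gshadow_hashes() {
    awk -F: '$2 != "" && $2 != "!" && $2 != "*" { print "FAIL LNX001476: group " $1 " has a password hash"; bad=1 }
             END { exit bad ? 1 : 0 }' "$1"
}

# Constructed sample files (not copied from any host) so the demo runs offline.
# Prints the scratch directory path; the caller removes it.
make_fixtures() {
    local d
    d=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/bash\nhalt:x:7:0:halt:/sbin:/sbin/halt\n' > "$d/passwd"
    printf 'shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown\nuser1:x:500:500::/home/user1:/bin/bash\n' >> "$d/passwd"
    printf 'root:x:0:0:root:/root:/bin/bash\nuser1:x:500:500::/home/user1:/bin/bash\n' > "$d/passwd.clean"
    printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$d/selinux.good"
    printf 'SELINUX=permissive\nSELINUXTYPE=targeted\n' > "$d/selinux.bad"
    printf 'root:::root\nwheel:::user1\n' > "$d/gshadow.good"
    # the hash below is a made-up placeholder, not a real credential
    printf 'root:::root\nwheel:$1$abcdefgh$notarealhash0000000000:user1\n' > "$d/gshadow.bad"
    chmod 0400 "$d/gshadow.good" "$d/gshadow.bad"
    chmod 0644 "$d/passwd" "$d/passwd.clean"   # too permissive for a 0640 target
    echo "$d"
}

# Run each check against the fixtures. They are owned by whoever runs this, so
# owner/group are read back from the file; on a real host pass root and root.
run_demo() {
    local d me grp
    d=$(make_fixtures); me=$(stat -c %U "$d/passwd"); grp=$(stat -c %G "$d/passwd")
    check_special_accounts "$d/passwd"       && echo "PASS LNX00320 $d/passwd"
    check_special_accounts "$d/passwd.clean" && echo "PASS LNX00320 $d/passwd.clean"
    check_file_perms "$d/gshadow.good" "$me" "$grp" 0400 && echo "PASS LNX001431-001434 $d/gshadow.good"
    check_file_perms "$d/passwd.clean" "$me" "$grp" 0640 && echo "PASS perms $d/passwd.clean"
    check_selinux_config "$d/selinux.good" && echo "PASS LNX00800 $d/selinux.good"
    check_selinux_config "$d/selinux.bad"  && echo "PASS LNX00800 $d/selinux.bad"
    check_gshadow_hashes "$d/gshadow.good" && echo "PASS LNX001476 $d/gshadow.good"
    check_gshadow_hashes "$d/gshadow.bad"  && echo "PASS LNX001476 $d/gshadow.bad"
    rm -rf "$d"
}

run_demo
```

On a real RHEL 5 host the same functions are called with the /etc paths and root as owner and group, for instance check_file_perms /etc/gshadow root root 0400 or check_file_perms /etc/securetty root "root sys bin" 0640. The mode comparison is bitwise rather than numeric, which is what the "or less permissive" wording of these items means: 0600 passes a 0640 target, 0644 does not, and 0640 would fail a 0600 target even though it is the smaller number in the listing.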