RHEL-08-010070 - All RHEL 8 remote access methods must be monitored. - auth
RHEL-08-010070 - All RHEL 8 remote access methods must be monitored. - authpriv
RHEL-08-010070 - All RHEL 8 remote access methods must be monitored. - daemon
RHEL-08-020011 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur. - deny
RHEL-08-020011 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur. - pam_faillock.so
RHEL-08-020013 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. - fail_interval
RHEL-08-020013 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. - pam_faillock.so
RHEL-08-020015 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. - pam_faillock.so
RHEL-08-020015 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. - unlock_time
RHEL-08-020017 - RHEL 8 must ensure account lockouts persist. - dir
RHEL-08-020019 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur. - pam_faillock.so
RHEL-08-020019 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur. - silent
RHEL-08-020021 - RHEL 8 must log user name information when unsuccessful logon attempts occur. - audit
RHEL-08-020021 - RHEL 8 must log user name information when unsuccessful logon attempts occur. - pam_faillock.so
RHEL-08-020023 - RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. - even_deny_root
RHEL-08-020023 - RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. - pam_faillock.so
RHEL-08-020024 - RHEL 8 must limit the number of concurrent sessions to ten for all accounts and/or account types.
RHEL-08-020353 - RHEL 8 must define default permissions for logon and non-logon shells. - /etc/bashrc
RHEL-08-020353 - RHEL 8 must define default permissions for logon and non-logon shells. - /etc/csh.cshrc
RHEL-08-030000 - The RHEL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software. - b32 gid
RHEL-08-030000 - The RHEL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software. - b64 gid
RHEL-08-030130 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
RHEL-08-030180 - RHEL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events. - installed
RHEL-08-030190 - Successful/unsuccessful uses of the su command in RHEL 8 must generate an audit record.
RHEL-08-030200 - The RHEL 8 audit system must be configured to audit any usage of the lremovexattr system call. - b32 auid=0
RHEL-08-030200 - The RHEL 8 audit system must be configured to audit any usage of the lremovexattr system call. - b64 auid=0
RHEL-08-030210 - The RHEL 8 audit system must be configured to audit any usage of the removexattr system call. - b32 auid=0
RHEL-08-030210 - The RHEL 8 audit system must be configured to audit any usage of the removexattr system call. - b64 auid=0
RHEL-08-030220 - The RHEL 8 audit system must be configured to audit any usage of the lsetxattr system call. - b32 auid=0
RHEL-08-030220 - The RHEL 8 audit system must be configured to audit any usage of the lsetxattr system call. - b64 auid=0
RHEL-08-030230 - The RHEL 8 audit system must be configured to audit any usage of the fsetxattr system call. - b32 auid=0
RHEL-08-030230 - The RHEL 8 audit system must be configured to audit any usage of the fsetxattr system call. - b64 auid=0
RHEL-08-030240 - The RHEL 8 audit system must be configured to audit any usage of the fremovexattr system call. - b32 auid=0
RHEL-08-030240 - The RHEL 8 audit system must be configured to audit any usage of the fremovexattr system call. - b64 auid=0
RHEL-08-030250 - Successful/unsuccessful uses of the chage command in RHEL 8 must generate an audit record.
RHEL-08-030260 - Successful/unsuccessful uses of the chcon command in RHEL 8 must generate an audit record.
RHEL-08-030270 - The RHEL 8 audit system must be configured to audit any usage of the setxattr system call. - b32 auid=0
RHEL-08-030270 - The RHEL 8 audit system must be configured to audit any usage of the setxattr system call. - b32 auid>=1000
RHEL-08-030270 - The RHEL 8 audit system must be configured to audit any usage of the setxattr system call. - b64 auid=0
RHEL-08-030600 - Successful/unsuccessful modifications to the lastlog file in RHEL 8 must generate an audit record.
RHEL-08-040021 - RHEL 8 must disable the asynchronous transfer mode (ATM) protocol. - blacklist
RHEL-08-040021 - RHEL 8 must disable the asynchronous transfer mode (ATM) protocol. - install
RHEL-08-040022 - RHEL 8 must disable the controller area network (CAN) protocol. - blacklist
RHEL-08-040022 - RHEL 8 must disable the controller area network (CAN) protocol. - install
RHEL-08-040023 - RHEL 8 must disable the stream control transmission (SCTP) protocol. - blacklist
RHEL-08-040023 - RHEL 8 must disable the stream control transmission (SCTP) protocol. - install
RHEL-08-040024 - RHEL 8 must disable the transparent inter-process communication (TIPC) protocol. - blacklist
RHEL-08-040024 - RHEL 8 must disable the transparent inter-process communication (TIPC) protocol. - install
RHEL-08-040025 - RHEL 8 must disable mounting of cramfs. - blacklist
RHEL-08-040025 - RHEL 8 must disable mounting of cramfs. - install
RHEL-08-040080 - RHEL 8 must be configured to disable USB mass storage. - blacklist
RHEL-08-040080 - RHEL 8 must be configured to disable USB mass storage. - install
Miscellaneous
Platform check updated.
References updated.
Added
RHEL-08-010200 - RHEL 8 must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements - ClientAliveCountMax
RHEL-08-010200 - RHEL 8 must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements - ClientAliveInterval
RHEL-08-030590 - Successful/unsuccessful modifications to the faillock log file in RHEL 8 must generate an audit record.
Removed
RHEL-08-010200 - RHEL 8 must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.
RHEL-08-030590 - Successful/unsuccessful modifications to the faillock log file in RHEL 8 must generate an audit record.