DISA Red Hat Enterprise Linux 8 STIG v1r14

Audit Details

Name: DISA Red Hat Enterprise Linux 8 STIG v1r14

Updated: 7/1/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 376

File Details

Filename: DISA_STIG_Red_Hat_Enterprise_Linux_8_v1r14.audit

Size: 1.04 MB

MD5: 6b002b15c69a16975c9042c800a6e478
SHA256: 4e22d70e7b439eb3372752756968cc73c63a5f96ce8b02629d8aa75886056954

Audit Changelog

Revision 1.1

Jul 1, 2024

Functional Update
  • RHEL-08-010292 - RHEL 8 must ensure the SSH server uses strong entropy.
  • RHEL-08-010471 - RHEL 8 must enable the hardware random number generator entropy gatherer service.
  • RHEL-08-020010 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur.
  • RHEL-08-020011 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur.
  • RHEL-08-020012 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period.
  • RHEL-08-020013 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period.
  • RHEL-08-020014 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
  • RHEL-08-020015 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
  • RHEL-08-020016 - RHEL 8 must ensure account lockouts persist.
  • RHEL-08-020017 - RHEL 8 must ensure account lockouts persist.
  • RHEL-08-020018 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur.
  • RHEL-08-020019 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur.
  • RHEL-08-020020 - RHEL 8 must log user name information when unsuccessful logon attempts occur.
  • RHEL-08-020021 - RHEL 8 must log user name information when unsuccessful logon attempts occur.
  • RHEL-08-020022 - RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
  • RHEL-08-020023 - RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
  • RHEL-08-020025 - RHEL 8 must configure the use of the pam_faillock.so module in the /etc/pam.d/system-auth file.
  • RHEL-08-020026 - RHEL 8 must configure the use of the pam_faillock.so module in the /etc/pam.d/password-auth file.
  • RHEL-08-020027 - RHEL 8 systems, versions 8.2 and above, must configure SELinux context type to allow the use of a non-default faillock tally directory.
  • RHEL-08-020028 - RHEL 8 systems below version 8.2 must configure SELinux context type to allow the use of a non-default faillock tally directory.
  • RHEL-08-020102 - RHEL 8 systems below version 8.4 must ensure the password complexity module in the system-auth file is configured for three retries or less.
  • RHEL-08-020103 - RHEL 8 systems below version 8.4 must ensure the password complexity module in the password-auth file is configured for three retries or less.
  • RHEL-08-020104 - RHEL 8 systems, version 8.4 and above, must ensure the password complexity module is configured for three retries or less.