DISA_STIG_Red_Hat_Enterprise_Linux_8_v1r5.audit from DISA Red Hat Enterprise Linux 8 v1r5 STIG

RHEL-08-010000 - RHEL 8 must be a vendor-supported release.

CAT|I

CCI|CCI-000366

Rule-ID|SV-230221r743913_rule

STIG-ID|RHEL-08-010000

Vuln-ID|V-230221

RHEL-08-010001 - The RHEL 8 operating system must implement the Endpoint Security for Linux Threat Prevention tool.

CAT|II

CCI|CCI-001233

Rule-ID|SV-245540r754730_rule

STIG-ID|RHEL-08-010001

Vuln-ID|V-245540

RHEL-08-010010 - RHEL 8 vendor packaged system security patches and updates must be installed and up to date.

Rule-ID|SV-230222r627750_rule

STIG-ID|RHEL-08-010010

Vuln-ID|V-230222

RHEL-08-010020 - RHEL 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. - fips-mode-setup

CCI|CCI-000068

Rule-ID|SV-230223r792855_rule

STIG-ID|RHEL-08-010020

Vuln-ID|V-230223

RHEL-08-010020 - RHEL 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. - grub2-editenv

RHEL-08-010020 - RHEL 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. - proc

RHEL-08-010030 - All RHEL 8 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.

CCI|CCI-001199

Rule-ID|SV-230224r809268_rule

STIG-ID|RHEL-08-010030

Vuln-ID|V-230224

RHEL-08-010040 - RHEL 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a ssh logon -  /etc/issue

CCI|CCI-000048

Rule-ID|SV-230225r627750_rule

STIG-ID|RHEL-08-010040

Vuln-ID|V-230225

RHEL-08-010040 - RHEL 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a ssh logon -  /etc/ssh/sshd_config

RHEL-08-010049 - RHEL 8 must display a banner before granting local or remote access to the system via a graphical user logon.

Rule-ID|SV-244519r743806_rule

STIG-ID|RHEL-08-010049

Vuln-ID|V-244519

RHEL-08-010050 - RHEL 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.

Rule-ID|SV-230226r743916_rule

STIG-ID|RHEL-08-010050

Vuln-ID|V-230226

RHEL-08-010060 - RHEL 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.

Rule-ID|SV-230227r627750_rule

STIG-ID|RHEL-08-010060

Vuln-ID|V-230227

RHEL-08-010070 - All RHEL 8 remote access methods must be monitored - auth

CCI|CCI-000067

Rule-ID|SV-230228r627750_rule

STIG-ID|RHEL-08-010070

Vuln-ID|V-230228

RHEL-08-010070 - All RHEL 8 remote access methods must be monitored - authpriv

RHEL-08-010070 - All RHEL 8 remote access methods must be monitored - daemon

RHEL-08-010090 - RHEL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.

CCI|CCI-000185

Rule-ID|SV-230229r809270_rule

STIG-ID|RHEL-08-010090

Vuln-ID|V-230229

RHEL-08-010100 - RHEL 8, for certificate-based authentication, must enforce authorized access to the corresponding private key.

CCI|CCI-000186

Rule-ID|SV-230230r627750_rule

STIG-ID|RHEL-08-010100

Vuln-ID|V-230230

RHEL-08-010110 - RHEL 8 must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.

CCI|CCI-000196

Rule-ID|SV-230231r627750_rule

STIG-ID|RHEL-08-010110

Vuln-ID|V-230231

RHEL-08-010120 - RHEL 8 must employ FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords.

Rule-ID|SV-230232r627750_rule

STIG-ID|RHEL-08-010120

Vuln-ID|V-230232

RHEL-08-010121 - The RHEL 8 operating system must not have accounts configured with blank or null passwords.

Rule-ID|SV-251706r809342_rule

STIG-ID|RHEL-08-010121

Vuln-ID|V-251706

RHEL-08-010130 - The RHEL 8 shadow password suite must be configured to use a sufficient number of hashing rounds.

Rule-ID|SV-230233r809273_rule

STIG-ID|RHEL-08-010130

Vuln-ID|V-230233

RHEL-08-010140 - RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance - UEFI must require authentication upon booting into single-user mode and maintenance

CCI|CCI-000213

Rule-ID|SV-230234r743922_rule

STIG-ID|RHEL-08-010140

Vuln-ID|V-230234

RHEL-08-010141 - RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require a unique superusers name upon booting into single-user mode and maintenance.

Rule-ID|SV-244521r792982_rule

STIG-ID|RHEL-08-010141

Vuln-ID|V-244521

RHEL-08-010149 - RHEL 8 operating systems booted with a BIOS must require  a unique superusers name upon booting into single-user and maintenance modes.

Rule-ID|SV-244522r792984_rule

STIG-ID|RHEL-08-010149

Vuln-ID|V-244522

RHEL-08-010150 - RHEL 8 operating systems booted with a BIOS must require authentication upon booting into single-user and maintenance modes - superusers

Rule-ID|SV-230235r743925_rule

STIG-ID|RHEL-08-010150

Vuln-ID|V-230235

RHEL-08-010151 - RHEL 8 operating systems must require authentication upon booting into rescue mode.

Rule-ID|SV-230236r743928_rule

STIG-ID|RHEL-08-010151

Vuln-ID|V-230236

RHEL-08-010152 - RHEL 8 operating systems must require authentication upon booting into emergency mode.

Rule-ID|SV-244523r743818_rule

STIG-ID|RHEL-08-010152

Vuln-ID|V-244523

RHEL-08-010159 - The RHEL 8 pam_unix.so module must be configured in the system-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.

CCI|CCI-000803

Rule-ID|SV-244524r809331_rule

STIG-ID|RHEL-08-010159

Vuln-ID|V-244524

RHEL-08-010160 - The RHEL 8 pam_unix.so module must be configured in the password-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.

Rule-ID|SV-230237r809276_rule

STIG-ID|RHEL-08-010160

Vuln-ID|V-230237

RHEL-08-010161 - RHEL 8 must prevent system daemons from using Kerberos for authentication.

Rule-ID|SV-230238r646862_rule

STIG-ID|RHEL-08-010161

Vuln-ID|V-230238

RHEL-08-010162 - The krb5-workstation package must not be installed on RHEL 8.

Rule-ID|SV-230239r646864_rule

STIG-ID|RHEL-08-010162

Vuln-ID|V-230239

RHEL-08-010163 - The krb5-server package must not be installed on RHEL 8.

Rule-ID|SV-237640r646890_rule

STIG-ID|RHEL-08-010163

Vuln-ID|V-237640

RHEL-08-010170 - RHEL 8 must use a Linux Security Module configured to enforce limits on system services.

CCI|CCI-001084

Rule-ID|SV-230240r627750_rule

STIG-ID|RHEL-08-010170

Vuln-ID|V-230240

RHEL-08-010171 - RHEL 8 must have policycoreutils package installed.

CAT|III

Rule-ID|SV-230241r627750_rule

STIG-ID|RHEL-08-010171

Vuln-ID|V-230241

RHEL-08-010190 - A sticky bit must be set on all RHEL 8 public directories to prevent unauthorized and unintended information transferred via shared system resources.

CCI|CCI-001090

Rule-ID|SV-230243r792857_rule

STIG-ID|RHEL-08-010190

Vuln-ID|V-230243

RHEL-08-010200 - RHEL 8 must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.

CCI|CCI-001133

Rule-ID|SV-230244r743934_rule

STIG-ID|RHEL-08-010200

Vuln-ID|V-230244

RHEL-08-010201 - The RHEL 8 SSH daemon must be configured with a timeout interval.

Rule-ID|SV-244525r743824_rule

STIG-ID|RHEL-08-010201

Vuln-ID|V-244525

RHEL-08-010210 - The RHEL 8 /var/log/messages file must have mode 0640 or less permissive.

CCI|CCI-001314

Rule-ID|SV-230245r627750_rule

STIG-ID|RHEL-08-010210

Vuln-ID|V-230245

RHEL-08-010220 - The RHEL 8 /var/log/messages file must be owned by root.

Rule-ID|SV-230246r627750_rule

STIG-ID|RHEL-08-010220

Vuln-ID|V-230246

RHEL-08-010230 - The RHEL 8 /var/log/messages file must be group-owned by root.

Rule-ID|SV-230247r627750_rule

STIG-ID|RHEL-08-010230

Vuln-ID|V-230247

RHEL-08-010240 - The RHEL 8 /var/log directory must have mode 0755 or less permissive.

Rule-ID|SV-230248r627750_rule

STIG-ID|RHEL-08-010240

Vuln-ID|V-230248

RHEL-08-010250 - The RHEL 8 /var/log directory must be owned by root.

Rule-ID|SV-230249r627750_rule

STIG-ID|RHEL-08-010250

Vuln-ID|V-230249

RHEL-08-010260 - The RHEL 8 /var/log directory must be group-owned by root.

Rule-ID|SV-230250r627750_rule

STIG-ID|RHEL-08-010260

Vuln-ID|V-230250

RHEL-08-010287 - The RHEL 8 SSH daemon must be configured to use system-wide crypto policies.

CCI|CCI-001453

Rule-ID|SV-244526r809334_rule

STIG-ID|RHEL-08-010287

Vuln-ID|V-244526

RHEL-08-010290 - The RHEL 8 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms - MACs employing FIPS 140-2 validated cryptographic hash algorithms

Rule-ID|SV-230251r743937_rule

STIG-ID|RHEL-08-010290

Vuln-ID|V-230251

RHEL-08-010291 - The RHEL 8 operating system must implement DoD-approved encryption to protect the confidentiality of SSH server connections.

Rule-ID|SV-230252r743940_rule

STIG-ID|RHEL-08-010291

Vuln-ID|V-230252

RHEL-08-010292 - RHEL 8 must ensure the SSH server uses strong entropy.

Rule-ID|SV-230253r627750_rule

STIG-ID|RHEL-08-010292

Vuln-ID|V-230253

RHEL-08-010293 - The RHEL 8 operating system must implement DoD-approved encryption in the OpenSSL package - /etc/pki/tls/openssl.cnf

Rule-ID|SV-230254r627750_rule

STIG-ID|RHEL-08-010293

Vuln-ID|V-230254

RHEL-08-010293 - The RHEL 8 operating system must implement DoD-approved encryption in the OpenSSL package - update-crypto-policies

RHEL-08-010294 - The RHEL 8 operating system must implement DoD-approved TLS encryption in the OpenSSL package.

Detections

Analytics

DISA Red Hat Enterprise Linux 8 STIG v1r5

Warning! Audit Deprecated

Audit Details

Audit Changelog

Revision 1.4

Functional Update

Miscellaneous

Revision 1.3

Functional Update

Revision 1.2

Functional Update

Revision 1.1

Functional Update

Miscellaneous


Revision 1.4 Jun 10, 2022 Functional Update RHEL-08-020028 - RHEL 8 systems below version 8.2 must configure SELinux context type to allow the use of a non-default faillock tally directory. RHEL-08-030590 - Successful/unsuccessful modifications to the faillock log file in RHEL 8 must generate an audit record. Miscellaneous Audit deprecated. Metadata updated. References updated.
Revision 1.3 May 24, 2022 Functional Update RHEL-08-010400 - RHEL 8 must implement certificate status checking for multifactor authentication. RHEL-08-020028 - RHEL 8 systems below version 8.2 must configure SELinux context type to allow the use of a non-default faillock tally directory. RHEL-08-030590 - Successful/unsuccessful modifications to the faillock log file in RHEL 8 must generate an audit record.
Revision 1.2 Apr 25, 2022 Functional Update RHEL-08-020028 - RHEL 8 systems below version 8.2 must configure SELinux context type to allow the use of a non-default faillock tally directory. RHEL-08-030590 - Successful/unsuccessful modifications to the faillock log file in RHEL 8 must generate an audit record.
Revision 1.1 Mar 24, 2022 Functional Update RHEL-08-020028 - RHEL 8 systems below version 8.2 must configure SELinux context type to allow the use of a non-default faillock tally directory. RHEL-08-030590 - Successful/unsuccessful modifications to the faillock log file in RHEL 8 must generate an audit record. Miscellaneous References updated.