RHEL-08-010161 - RHEL 8 must prevent system daemons from using Kerberos for authentication.
RHEL-08-010600 - RHEL 8 must prevent special devices on file systems that are used with removable media.
RHEL-08-010610 - RHEL 8 must prevent code from being executed on file systems that are used with removable media.
RHEL-08-010620 - RHEL 8 must prevent files with the setuid and setgid bit set from being executed on file systems that are used with removable media.
RHEL-08-030000 - The RHEL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.
RHEL-08-030200 - The RHEL 8 audit system must be configured to audit any usage of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
RHEL-08-030361 - Successful/unsuccessful uses of the rename, unlink, rmdir, renameat, and unlinkat system calls in RHEL 8 must generate an audit record.
RHEL-08-030420 - Successful/unsuccessful uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls in RHEL 8 must generate an audit record.
RHEL-08-030480 - Successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls in RHEL 8 must generate an audit record.
RHEL-08-040001 - RHEL 8 must not have any automated bug reporting tools installed.
RHEL-08-040342 - RHEL 8 SSH server must be configured to use only FIPS-validated key exchange algorithms.
Informational Update
RHEL-08-020041 - RHEL 8 must ensure session control is automatically started at shell initialization - tmux running
RHEL-08-020041 - RHEL 8 must ensure session control is automatically started at shell initialization - tmux shell
RHEL-08-030000 - The RHEL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.
Added
RHEL-08-010360 - The RHEL 8 file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency.
Removed
RHEL-08-010360 - The RHEL 8 file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency - /usr/sbin/aide --check
RHEL-08-010360 - The RHEL 8 file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency - grep aide /etc/crontab /var/spool/cron/root
RHEL-08-010360 - The RHEL 8 file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency - ls -la /etc/cron.* | grep aide
