| autrace | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| chown b64 | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| creat b64 EPERM | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| fchownat b64 | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| fsetxattr b32 auid>=1000 | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| ftruncate b32 EACCES | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| ftruncate b32 EPERM | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| is-enabled | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| kernel.perf_event_paranoid configuration setting check | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| lsetxattr b64 auid>=1000 | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| open_by_handle_at b32 EACCES | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| openat b32 EACCES | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| openat b32 EPERM | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| rename b32 auid>=1000 | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| renameat b64 auid>=1000 | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| RHEL-09-611135 - RHEL 9 must be configured so that user and group account administration utilities are configured to store only encrypted representations of passwords. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-611180 - The pcscd service on RHEL 9 must be active. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-611205 - RHEL 9 must prevent system daemons from using Kerberos for authentication. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-651010 - RHEL 9 must have the AIDE package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-652035 - RHEL 9 must be configured to offload audit records onto a different system from the system being audited via syslog. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-652045 - RHEL 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653030 - RHEL 9 must allocate audit record storage capacity to store at least one week's worth of audit records. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653070 - RHEL 9 System Administrator (SA) and/or information system security officer (ISSO) (at a minimum) must be alerted of an audit processing failure event. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653115 - RHEL 9 /etc/audit/auditd.conf file must have 0640 or less permissive to prevent unauthorized access. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653120 - RHEL 9 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-654075 - RHEL 9 must audit all uses of the delete_module system call. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654120 - RHEL 9 must audit all uses of the passwd command. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654165 - RHEL 9 must audit all uses of the unix_update command. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654170 - RHEL 9 must audit all uses of the userhelper command. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654185 - Successful/unsuccessful uses of the init command in RHEL 9 must generate an audit record. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-654200 - Successful/unsuccessful uses of the shutdown command in RHEL 9 must generate an audit record. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-654215 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654220 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654225 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654250 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/faillock. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654260 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/tallylog. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-672045 - RHEL 9 must implement a systemwide encryption policy. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| SELINUX enforcing config file | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| ServerRun | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| sshd_config | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| sysctl | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| Verify '/etc/fstab' is using the 'nodev' option on the '/tmp' dir | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| Verify '/etc/fstab' is using the 'nodev' option on the '/var/log' dir | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| Verify '/etc/fstab' is using the 'nodev' option on the '/var/log/audit' dir | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| Verify '/etc/fstab' is using the 'noexec' option on the '/dev/shm' file system | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| Verify '/etc/fstab' is using the 'noexec' option on the '/var/log' dir | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| Verify '/etc/fstab' is using the 'nosuid' option on the '/var/log' dir | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| Verify '/var/log/audit' is mounted with the 'nodev' | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| Verify that all system device files are correctly labeled | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
| Verify the boot loader superuser password has been set | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | |
