Item Search

NameAudit NamePluginCategory
RHEL-06-000247 - The system clock must be synchronized continuously, or at least daily - CHKCONFIG.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-06-000257 - The graphical desktop environment must set the idle timeout to no more than 15 minutes.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

ACCESS CONTROL

RHEL-06-000259 - The graphical desktop environment must have automatic lock enabled.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

ACCESS CONTROL

RHEL-06-000260 - The system must display a publicly-viewable pattern during a graphical desktop environment session lock.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

ACCESS CONTROL

RHEL-06-000270 - Remote file systems must be mounted with the nosuid option.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000274 - The system must prohibit the reuse of passwords within five iterations - password-auth.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

IDENTIFICATION AND AUTHENTICATION

RHEL-06-000281 - The system package management tool must verify contents of all files associated with the audit package.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-06-000282 - There must be no world-writable files on the system.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000285 - The system must have a host-based intrusion detection tool installed - MFEhiplsmDISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000288 - The sendmail package must be removed.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000289 - The netconsole service must be disabled unless required - 'CHKCONFIG'.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000291 - The xorg-x11-server-common (X Windows) package must not be installed, unless required.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000292 - The DHCP client must be disabled if not needed.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000299 - The system must require passwords to contain no more than three consecutive repeating characters - password-auth.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000336 - The sticky bit must be set on all public directories.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000338 - The TFTP daemon must operate in secure mode which provides access only to a single directory on the host file system.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000384 - Audit log files must be owned by root.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-06-000511 - The audit system must take appropriate action when there are disk errors on the audit storage volume.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-06-000519 - The system package management tool must verify contents of all files associated with packages.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000526 - Automated file system mounting tools must not be enabled unless needed - CHKCONFIGDISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000529 - The sudo command must require authentication - /etc/sudoers NOPASSWDDISA Red Hat Enterprise Linux 6 STIG v2r2Unix

IDENTIFICATION AND AUTHENTICATION

RHEL-07-020060 - The Red Hat Enterprise Linux operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

CONFIGURATION MANAGEMENT

RHEL-08-010020 - RHEL 8 must implement NIST FIPS-validated cryptography for the following: To provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

ACCESS CONTROL

RHEL-08-010050 - RHEL 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

ACCESS CONTROL

RHEL-08-010090 - RHEL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

IDENTIFICATION AND AUTHENTICATION

RHEL-08-010140 - RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

ACCESS CONTROL

RHEL-08-010141 - RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require a unique superusers name upon booting into single-user mode and maintenance.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

ACCESS CONTROL

RHEL-08-010151 - RHEL 8 operating systems must require authentication upon booting into rescue mode.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

ACCESS CONTROL

RHEL-08-010162 - The krb5-workstation package must not be installed on RHEL 8.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

IDENTIFICATION AND AUTHENTICATION

RHEL-08-010171 - RHEL 8 must have policycoreutils package installed.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

RHEL-08-010190 - A sticky bit must be set on all RHEL 8 public directories to prevent unauthorized and unintended information transferred via shared system resources.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

RHEL-08-010210 - The RHEL 8 /var/log/messages file must have mode 0640 or less permissive.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

SYSTEM AND INFORMATION INTEGRITY

RHEL-08-010260 - The RHEL 8 /var/log directory must be group-owned by root.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

SYSTEM AND INFORMATION INTEGRITY

RHEL-08-010320 - RHEL 8 system commands must be group-owned by root or a system account.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-010375 - RHEL 8 must restrict access to the kernel message buffer.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

RHEL-08-010383 - RHEL 8 must use the invoking user's password for privilege escalation when using 'sudo' - sudo.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

ACCESS CONTROL

RHEL-08-010400 - RHEL 8 must implement certificate status checking for multifactor authentication.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

IDENTIFICATION AND AUTHENTICATION

RHEL-08-010421 - RHEL 8 must clear the page allocator to prevent use-after-free attacks.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

RHEL-08-010471 - RHEL 8 must enable the hardware random number generator entropy gatherer service.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-010542 - RHEL 8 must use a separate file system for the system audit data path.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-010544 - RHEL 8 must use a separate file system for /var/tmp.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-010550 - RHEL 8 must not permit direct logons to the root account using remote access via SSH.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

IDENTIFICATION AND AUTHENTICATION

RHEL-08-010590 - RHEL 8 must prevent code from being executed on file systems that contain user home directories.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-010630 - RHEL 8 must prevent code from being executed on file systems that are imported via Network File System (NFS).DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-010720 - All RHEL 8 local interactive users must have a home directory assigned in the /etc/passwd file.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-010730 - All RHEL 8 local interactive user home directories must have mode 0750 or less permissive.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-010780 - All RHEL 8 local files and directories must have a valid owner.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-010800 - A separate RHEL 8 filesystem must be used for user home directories (such as /home or an equivalent).DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-020000 - RHEL 8 temporary user accounts must be provisioned with an expiration time of 72 hours or less.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

ACCESS CONTROL

RHEL-08-020013 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

ACCESS CONTROL