Item Search

NameAudit NamePluginCategory
1.1.6 Bind Mount the /var/tmp directory to /tmpCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT

1.1.9 Create Separate Partition for /homeCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.12 Add noexec Option to Removable Media PartitionsCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.13 Add nosuid Option to Removable Media PartitionsCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.22 Disable Mounting of hfsplus Filesystems - install hfsplus /bin/true'CIS Red Hat Enterprise Linux 5 L2 v2.2.1Unix

CONFIGURATION MANAGEMENT

1.2.3 Verify that gpgcheck is Globally ActivatedCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

SYSTEM AND INFORMATION INTEGRITY

1.4.1 Enable SELinux in /etc/grub.conf - enforcing != 0CIS Red Hat Enterprise Linux 5 L2 v2.2.1Unix

ACCESS CONTROL

1.6.1 Restrict Core Dumps - fs.suid_dumpable = 0'CIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT

1.6.3 Enable Randomized Virtual Memory Region Placement - kernel.randomize_va_space = 2CIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.1.7 Remove tftpCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT

2.1.13 Disable chargen-streamCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT

3.1.6 Restrict Published Information (if publishing is required) - publish-binf=noCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT

3.13 Remove SambaCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT

4.4.1.1 Disable IPv6 Router Advertisements - net.ipv6.conf.default.accept_ra = 0CIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT

4.6.2 Disable SCTPCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT

5.2.1 Install the rsyslog packageCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

AUDIT AND ACCOUNTABILITY

5.2.2 Activate the rsyslog Service - syslogCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

AUDIT AND ACCOUNTABILITY

5.2.3 Configure /etc/rsyslog.conf - lpr,news,uucp,local0,local1,local2,local3,local4,local5,local6 /var/log/unused.logCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

AUDIT AND ACCOUNTABILITY

5.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts - $InputTCPServerRun 514CIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

AUDIT AND ACCOUNTABILITY

5.4 Configure logrotate - '/var/log/boot.log'CIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

AUDIT AND ACCOUNTABILITY

5.4 Configure logrotate - '/var/log/spooler'CIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

AUDIT AND ACCOUNTABILITY

6.1.5 Set User/Group Owner and Permission on /etc/cron.hourlyCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

ACCESS CONTROL

6.1.6 Set User/Group Owner and Permission on /etc/cron.dailyCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

ACCESS CONTROL

6.1.10 Restrict at/cron to Authorized Users - cron.allowCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

ACCESS CONTROL

6.3.1 Set Password Creation Requirement Parameters Using pam_cracklib - password requiredCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

IDENTIFICATION AND AUTHENTICATION

6.3.2 Set Lockout for Failed Password Attempts - auth required pam_tally2.so deny=5 onerr=failCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

ACCESS CONTROL

6.5 Restrict Access to the su Command - auth required pam_wheel.so use_uid'CIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

ACCESS CONTROL

7.5 Lock Inactive User Accounts - INACTIVE=35CIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

ACCESS CONTROL

8.1.1 Set Warning Banner for Standard Login Services - /etc/issueCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

ACCESS CONTROL

8.1.1 Set Warning Banner for Standard Login Services - /etc/issue.netCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

ACCESS CONTROL

8.1.2 Remove OS Information from Login Warning Banners - /etc/issueCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT

8.2 Set GNOME Warning BannerCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

CONFIGURATION MANAGEMENT

9.1.5 Verify Permissions on /etc/groupCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

ACCESS CONTROL

9.1.11 Find Un-owned Files and DirectoriesCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

ACCESS CONTROL

9.2.1 Ensure Password Fields are Not EmptyCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

IDENTIFICATION AND AUTHENTICATION

9.2.10 Check for Presence of User .rhosts FilesCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix

IDENTIFICATION AND AUTHENTICATION

RHEL-06-000339 - The FTP daemon must be configured for logging or verbose mode - 'xferlog_std_format = no'.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-06-000356 - The system must require administrator action to unlock an account locked by excessive failed login attempts - 'system-auth auth required'DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

ACCESS CONTROL

RHEL-06-000357 - The system must disable accounts after excessive login failures within a 15-minute interval - pw-auth auth [default=die]DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

ACCESS CONTROL

RHEL-06-000372 - The operating system, upon successful logon/access, must display to the user the number of unsuccessful logon/access attempts since the last successful logon/access - showfailedDISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000503 - The operating system must enforce requirements for the connection of mobile devices to operating systems.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000509 - The system must forward audit records to the syslog service.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-06-000516 - The system package management tool must verify ownership on all files and directories associated with packages.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000522 - Audit log files must be group-owned by root.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-06-000523 - The systems local IPv6 firewall must implement a deny-all, allow-by-exception policy for inbound packets.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000525 - Auditing must be enabled at boot by setting a kernel parameter - UEFIDISA Red Hat Enterprise Linux 6 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-06-000527 - The login user list must be disabled.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000528 - The noexec option must be added to the /tmp partition.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

CONFIGURATION MANAGEMENT

RHEL-06-000529 - The sudo command must require authentication - /etc/sudoers.d/* NOPASSWDDISA Red Hat Enterprise Linux 6 STIG v2r2Unix

IDENTIFICATION AND AUTHENTICATION

RHEL-07-030010 - The Red Hat Enterprise Linux operating system must shut down upon audit processing failure, unless availability is an overriding concern. If availability is a concern, the system must alert the designated staff (System Administrator [SA] and Information System Security Officer [ISSO] at a minimum) in the event of an audit processing failure.DISA Red Hat Enterprise Linux 7 STIG v3r15Unix

AUDIT AND ACCOUNTABILITY