Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| RHEL-08-030690 - The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-040004 - RHEL 8 must enable mitigations against processor-based vulnerabilities. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040010 - RHEL 8 must not have the rsh-server package installed. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040022 - RHEL 8 must disable the controller area network (CAN) protocol. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040030 - RHEL 8 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040090 - A RHEL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-08-040133 - RHEL 8 must mount /var/tmp with the nosuid option. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040135 - The RHEL 8 fapolicy module must be installed. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040160 - All RHEL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-040161 - RHEL 8 must force a frequent session key renegotiation for SSH connections to the server. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-08-040180 - The debug-shell systemd service must be disabled on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040209 - RHEL 8 must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040262 - RHEL 8 must not accept router advertisements on all IPv6 interfaces by default. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040282 - RHEL 8 must restrict usage of ptrace to descendant processes. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040310 - The RHEL 8 file integrity tool must be configured to verify Access Control Lists (ACLs). | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040350 - If the Trivial File Transfer Protocol (TFTP) server is required, the RHEL 8 TFTP daemon must be configured to operate in secure mode. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040360 - A File Transfer Protocol (FTP) server package must not be installed unless mission essential on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040370 - The gssproxy package must not be installed unless mission essential on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040380 - The iprutils package must not be installed unless mission essential on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-171011 - RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-09-213060 - RHEL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-214015 - RHEL 9 must check the GPG signature of software packages originating from external software repositories before installation. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-214020 - RHEL 9 must check the GPG signature of locally installed software packages before installation. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231020 - RHEL 9 must use a separate file system for /var. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231030 - RHEL 9 must use a separate file system for the system audit data path. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-231035 - RHEL 9 must use a separate file system for /var/tmp. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231055 - RHEL 9 must prevent code from being executed on file systems that contain user home directories. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231095 - RHEL 9 must mount /boot with the nodev option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231105 - RHEL 9 must prevent files with the setuid and setgid bit set from being executed on the /boot/efi directory. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231120 - RHEL 9 must mount /dev/shm with the nosuid option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231145 - RHEL 9 must mount /var/log with the nodev option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231150 - RHEL 9 must mount /var/log with the noexec option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231165 - RHEL 9 must mount /var/log/audit with the noexec option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231175 - RHEL 9 must mount /var/tmp with the nodev option. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232040 - RHEL 9 cron configuration directories must have a mode of 0700 or less permissive. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232160 - RHEL 9 /etc/shadow- file must be owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232165 - RHEL 9 /etc/shadow- file must be group-owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232195 - RHEL 9 system commands must be group-owned by root or a system account. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232245 - A sticky bit must be set on all RHEL 9 public directories. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-232255 - All RHEL 9 local files and directories must have a valid owner. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232260 - RHEL 9 must be configured so that all system device files are correctly labeled to prevent unauthorized modification. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232265 - RHEL 9 /etc/crontab file must have mode 0600. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-251045 - RHEL 9 must enable hardening for the Berkeley Packet Filter just-in-time compiler. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-252010 - RHEL 9 must have the chrony package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-252015 - RHEL 9 chronyd service must be enabled. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-252065 - RHEL 9 libreswan package must be installed. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-252070 - There must be no shosts.equiv files on RHEL 9. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-253015 - RHEL 9 must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-253030 - RHEL 9 must log IPv4 packets with impossible addresses by default. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-253045 - RHEL 9 must not forward IPv4 source-routed packets by default. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |