Item Search

NameAudit NamePluginCategory
RHEL-08-040126 - RHEL 8 must mount /var/log with the nodev option.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-040127 - RHEL 8 must mount /var/log with the nosuid option.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-040131 - RHEL 8 must mount /var/log/audit with the noexec option.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-040171 - The x86 Ctrl-Alt-Delete key sequence in RHEL 8 must be disabled if a graphical user interface is installed.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-040172 - The systemd Ctrl-Alt-Delete burst key sequence in RHEL 8 must be disabled.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-040230 - RHEL 8 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-040239 - RHEL 8 must not forward IPv4 source-routed packets.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-040240 - RHEL 8 must not forward IPv6 source-routed packets.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-040249 - RHEL 8 must not forward IPv4 source-routed packets by default.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-040260 - RHEL 8 must not enable IPv6 packet forwarding unless the system is a router.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-040285 - RHEL 8 must use reverse path filtering on all IPv4 interfaces.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-040290 - RHEL 8 must be configured to prevent unrestricted mail relaying.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-08-040341 - The RHEL 8 SSH daemon must prevent remote hosts from connecting to the proxy display.DISA Red Hat Enterprise Linux 8 STIG v2r1Unix

CONFIGURATION MANAGEMENT

RHEL-09-211015 - RHEL 9 vendor packaged system security patches and updates must be installed and up to date.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-211020 - RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

ACCESS CONTROL

RHEL-09-211040 - RHEL 9 systemd-journald service must be enabled.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

RHEL-09-211055 - RHEL 9 debug-shell systemd service must be disabled.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

ACCESS CONTROL

RHEL-09-212015 - RHEL 9 must disable the ability of systemd to spawn an interactive boot process.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-212040 - RHEL 9 must clear the page allocator to prevent use-after-free attacks.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

RHEL-09-213025 - RHEL 9 must restrict exposed kernel pointer addresses access.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

RHEL-09-213030 - RHEL 9 must enable kernel parameters to enforce discretionary access control on hardlinks.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

ACCESS CONTROL

RHEL-09-213065 - RHEL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-214035 - RHEL 9 must remove all software components after updated versions have been installed.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

SYSTEM AND INFORMATION INTEGRITY

RHEL-09-215020 - RHEL 9 must not have the sendmail package installed.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-215055 - RHEL 9 must not have the tuned package installed.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-231015 - RHEL 9 must use a separate file system for /tmp.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-231075 - RHEL 9 must prevent files with the setuid and setgid bit set from being executed on file systems that are imported via Network File System (NFS).DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-231110 - RHEL 9 must mount /dev/shm with the nodev option.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-231115 - RHEL 9 must mount /dev/shm with the noexec option.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-231125 - RHEL 9 must mount /tmp with the nodev option.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-231155 - RHEL 9 must mount /var/log with the nosuid option.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-231160 - RHEL 9 must mount /var/log/audit with the nodev option.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-232095 - RHEL 9 /etc/group file must be group-owned by root.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-232105 - RHEL 9 /etc/group- file must be group-owned by root.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-232150 - RHEL 9 /etc/shadow file must be owned by root.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-251020 - A RHEL 9 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-251030 - RHEL 9 must protect against or limit the effects of denial-of-service (DoS) attacks by ensuring rate-limiting measures on impacted network interfaces are implemented.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

RHEL-09-252035 - RHEL 9 systems using Domain Name Servers (DNS) resolution must have at least two name servers configured.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-252045 - RHEL 9 must not have unauthorized IP tunnels configured.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-252050 - RHEL 9 must be configured to prevent unrestricted mail relaying.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-253020 - RHEL 9 must not forward Internet Protocol version 4 (IPv4) source-routed packets.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-254025 - RHEL 9 must not enable IPv6 packet forwarding unless the system is a router.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-255015 - All RHEL 9 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

RHEL-09-255040 - RHEL 9 SSHD must not allow blank passwords.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

IDENTIFICATION AND AUTHENTICATION

RHEL-09-255100 - RHEL 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

RHEL-09-255125 - RHEL 9 SSH public host key files must have mode 0644 or less permissive.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-255135 - RHEL 9 SSH daemon must not allow GSSAPI authentication.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-255175 - RHEL 9 SSH daemon must prevent remote hosts from connecting to the proxy display.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT

RHEL-09-271010 - RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

ACCESS CONTROL

RHEL-09-271030 - RHEL 9 must disable the graphical user interface autorun function unless required.DISA Red Hat Enterprise Linux 9 STIG v2r3Unix

CONFIGURATION MANAGEMENT