Red Hat Enterprise Linux 8 STIG

Red Hat Enterprise Linux 8 Security Technical Implementation Guide

ID Vuln ID Title Cat Status
RHEL-08-020030 RHEL-08-020030 RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions. Cat II
RHEL-08-040130 RHEL-08-040130 The RHEL 8 fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs. Cat II
RHEL-08-040090 RHEL-08-040090 A RHEL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems. Cat II
RHEL-08-010500 RHEL-08-010500 The RHEL 8 SSH daemon must perform strict mode checking of home directory configuration files. Cat II
RHEL-08-030090 RHEL-08-030090 RHEL 8 audit logs must be group-owned by root to prevent unauthorized read access. Cat II
RHEL-08-010510 RHEL-08-010510 The RHEL 8 SSH daemon must not allow compression or must only allow compression after successful authentication. Cat II
RHEL-08-030050 RHEL-08-030050 The RHEL 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted when the audit storage volume is full. Cat II
RHEL-08-010770 RHEL-08-010770 All RHEL 8 local initialization files must have mode 0740 or less permissive. Cat II
RHEL-08-030060 RHEL-08-030060 The RHEL 8 audit system must take appropriate action when the audit storage volume is full. Cat II
RHEL-08-010710 RHEL-08-010710 All RHEL 8 world-writable directories must be group-owned by root, sys, bin, or an application group. Cat II
RHEL-08-030200 RHEL-08-030200 The RHEL 8 audit system must be configured to audit any usage of the lremovexattr system call. Cat II
RHEL-08-020270 RHEL-08-020270 RHEL 8 emergency accounts must be automatically removed or disabled after the crisis is resolved or within 72 hours. Cat II
RHEL-08-040000 RHEL-08-040000 RHEL 8 must not have the telnet-server package installed. Cat I
RHEL-08-010740 RHEL-08-010740 All RHEL 8 local interactive user home directories must be group-owned by the home directory owner’s primary group. Cat II
RHEL-08-030320 RHEL-08-030320 Successful/unsuccessful uses of the ssh-keysign in RHEL 8 must generate an audit record. Cat II

Print

Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.
Print

Version Changes

If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.
Changes