Red Hat Enterprise Linux 8 STIG

Red Hat Enterprise Linux 8 Security Technical Implementation Guide

ID Vuln ID Title Cat Status
RHEL-08-020030 RHEL-08-020030 RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions. Cat II
RHEL-08-040130 RHEL-08-040130 The RHEL 8 fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs. Cat II
RHEL-08-040090 RHEL-08-040090 A RHEL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems. Cat II
RHEL-08-010500 RHEL-08-010500 The RHEL 8 SSH daemon must perform strict mode checking of home directory configuration files. Cat II
RHEL-08-030090 RHEL-08-030090 RHEL 8 audit logs must be group-owned by root to prevent unauthorized read access. Cat II
RHEL-08-010510 RHEL-08-010510 The RHEL 8 SSH daemon must not allow compression or must only allow compression after successful authentication. Cat II
RHEL-08-030050 RHEL-08-030050 The RHEL 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted when the audit storage volume is full. Cat II
RHEL-08-010770 RHEL-08-010770 All RHEL 8 local initialization files must have mode 0740 or less permissive. Cat II
RHEL-08-030060 RHEL-08-030060 The RHEL 8 audit system must take appropriate action when the audit storage volume is full. Cat II
RHEL-08-010710 RHEL-08-010710 All RHEL 8 world-writable directories must be group-owned by root, sys, bin, or an application group. Cat II
RHEL-08-030200 RHEL-08-030200 The RHEL 8 audit system must be configured to audit any usage of the lremovexattr system call. Cat II
RHEL-08-020270 RHEL-08-020270 RHEL 8 emergency accounts must be automatically removed or disabled after the crisis is resolved or within 72 hours. Cat II
RHEL-08-040000 RHEL-08-040000 RHEL 8 must not have the telnet-server package installed. Cat I
RHEL-08-010740 RHEL-08-010740 All RHEL 8 local interactive user home directories must be group-owned by the home directory owner’s primary group. Cat II
RHEL-08-030320 RHEL-08-030320 Successful/unsuccessful uses of the ssh-keysign in RHEL 8 must generate an audit record. Cat II


Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.

Version Changes

If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.