Check: OL08-00-040390
Oracle Linux 8 STIG:
OL08-00-040390
(in versions v1 r10 through v1 r1)
Title
OL 8 must not have the "tuned" package installed if not required for operational support. (Cat II impact)
Discussion
"Tuned" is a daemon that uses "udev" to monitor connected devices and statically and dynamically tunes system settings according to a selected profile. Disabling the "tuned" package protects the system against exploitation of any flaws in its implementation.
Check Content
Determine if the "tuned" package is installed with the following command: $ sudo yum list installed tuned If the "tuned" package is installed, this is a finding.
Fix Text
Configure OL 8 to disable non-essential capabilities by removing the "tuned" package from the system with the following command: $ sudo yum remove tuned
Additional Identifiers
Rule ID: SV-248906r780284_rule
Vulnerability ID: V-248906
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |