An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.04.2-01be-daa4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.04.2-01be-daa4
Open sidebar
Navigate
Top
Search
Checks (
236
)
Print
Changes
Pages (
14/16
)
RHEL 7 STIG
Red Hat Enterprise Linux 7 Security Technical Implementation Guide
v3 r15 (Released July 24, 2024)
v3 r14 (Released Jan. 24, 2024)
v3 r13 (Released Oct. 25, 2023)
v3 r12 (Released July 26, 2023)
v3 r11 (Released April 27, 2023)
v3 r10 (Released Jan. 26, 2023)
v3 r9 (Released Oct. 26, 2022)
v3 r8 (Released July 27, 2022)
v3 r7 (Released April 27, 2022)
v3 r6 (Released Jan. 27, 2022)
v3 r5 (Released Oct. 27, 2021)
v3 r4 (Released July 23, 2021)
v3 r3 (Released April 23, 2021)
v3 r2 (Released Jan. 22, 2021)
v3 r1 (Released Oct. 23, 2020)
v2 r8 (Released July 24, 2020)
v2 r7 (Released April 24, 2020)
v3 r0.3 (Released March 31, 2020)
v2 r6 (Released Jan. 24, 2020)
v2 r5 (Released Oct. 25, 2019)
v2 r4 (Released July 26, 2019)
v2 r3 (Released April 26, 2019)
v2 r2 (Released Jan. 25, 2019)
v2 r1 (Released July 27, 2018)
v1 r4 (Released Jan. 26, 2018)
v1 r3 (Released Oct. 27, 2017)
v1 r2 (Released July 28, 2017)
v1 r1 (Released Feb. 27, 2017)
ID
Vuln ID
Title
Cat
Status
RHEL-07-040410
V-204596
The Red Hat Enterprise Linux operating system must be configured so that the SSH public host key files have mode 0644 or less permissive.
Cat II
RHEL-07-040420
V-204597
The Red Hat Enterprise Linux operating system must be configured so that the SSH private host key files have mode 0600 or less permissive.
Cat II
RHEL-07-040430
V-204598
The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Generic Security Service Application Program Interface (GSSAPI) authentication unless needed.
Cat II
RHEL-07-040440
V-204599
The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Kerberos authentication unless needed.
Cat II
RHEL-07-040450
V-204600
The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon performs strict mode checking of home directory configuration files.
Cat II
RHEL-07-040460
V-204601
The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon uses privilege separation.
Cat II
RHEL-07-040470
V-204602
The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not allow compression or only allows compression after successful authentication.
Cat II
RHEL-07-040500
V-204603
The Red Hat Enterprise Linux operating system must, for networked systems, synchronize clocks with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers, a time server designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS).
Cat II
RHEL-07-040520
V-204604
The Red Hat Enterprise Linux operating system must enable an application firewall, if available.
Cat II
RHEL-07-040530
V-204605
The Red Hat Enterprise Linux operating system must display the date and time of the last successful account logon upon logon.
Cat III
RHEL-07-040540
V-204606
The Red Hat Enterprise Linux operating system must not contain .shosts files.
Cat I
RHEL-07-040550
V-204607
The Red Hat Enterprise Linux operating system must not contain shosts.equiv files.
Cat I
RHEL-07-040600
V-204608
For Red Hat Enterprise Linux operating systems using DNS resolution, at least two name servers must be configured.
Cat III
RHEL-07-040610
V-204609
The Red Hat Enterprise Linux operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets.
Cat II
RHEL-07-040611
V-204610
The Red Hat Enterprise Linux operating system must use a reverse-path filter for IPv4 network traffic when possible on all interfaces.
Cat II
Prev
1...
10
11
12
13
14
15
16
Next
Print
Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.
Version Changes
If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.