CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG

Audit Details

Name: CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG

Updated: 10/3/2023

Authority: CIS

Plugin: Unix

Revision: 1.14

Estimated Item Count: 354

File Details

Filename: CIS_Red_Hat_EL7_STIG_v2.0.0_STIG.audit

Size: 1.14 MB

MD5: 2386574a5f2026ab29465418307d86a5
SHA256: 0bccb3378985f5ef3d07db1435d7b5929d54d08896d66687c29600954396c2c2

Audit Items

DescriptionCategories
1.1.2 Ensure /tmp is configured - or equivalent.

CONFIGURATION MANAGEMENT

1.1.7 Ensure noexec option set on /dev/shm partition - fstab

CONFIGURATION MANAGEMENT

1.1.7 Ensure noexec option set on /dev/shm partition - mount

CONFIGURATION MANAGEMENT

1.1.8 Ensure nodev option set on /dev/shm partition - fstab

CONFIGURATION MANAGEMENT

1.1.8 Ensure nodev option set on /dev/shm partition - mount

CONFIGURATION MANAGEMENT

1.1.9 Ensure nosuid option set on /dev/shm partition - fstab

CONFIGURATION MANAGEMENT

1.1.9 Ensure nosuid option set on /dev/shm partition - mount

CONFIGURATION MANAGEMENT

1.1.10 Ensure separate partition exists for /var

CONFIGURATION MANAGEMENT

1.1.16 Ensure separate partition exists for /var/log/audit

CONFIGURATION MANAGEMENT

1.1.19 Ensure nosuid is set on users' home directories.

CONFIGURATION MANAGEMENT

1.1.22 Ensure nosuid option set on removable media partitions

CONFIGURATION MANAGEMENT

1.1.23 Ensure noexec option is configured for NFS - NFS.

CONFIGURATION MANAGEMENT

1.1.24 Ensure nosuid option is set for NFS - NFS.

CONFIGURATION MANAGEMENT

1.1.26 Ensure all world-writable directories are group-owned.

CONFIGURATION MANAGEMENT

1.1.27 Disable Automounting

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

1.1.28 Disable USB Storage - /bin/true

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

1.1.28 Disable USB Storage - blacklist

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

1.2.3 Ensure gpgcheck is globally activated - CA that is recognized and approved by the organization.

CONFIGURATION MANAGEMENT

1.2.6 Ensure software packages have been digitally signed by a Certificate Authority (CA) - CA that is recognized and approved by the organization.

CONFIGURATION MANAGEMENT

1.2.7 Ensure removal of software components after update

SYSTEM AND INFORMATION INTEGRITY

1.2.8 Ensure the version of the operating system is an active vendor supported release

CONFIGURATION MANAGEMENT

1.3.1 Ensure AIDE is installed

CONFIGURATION MANAGEMENT

1.3.2 Ensure filesystem integrity is regularly checked - aide

CONFIGURATION MANAGEMENT

1.3.2 Ensure filesystem integrity is regularly checked - cron

CONFIGURATION MANAGEMENT

1.3.2 Ensure filesystem integrity is regularly checked - mail

CONFIGURATION MANAGEMENT

1.3.3 Ensure AIDE is configured to verify ACLs - config

CONFIGURATION MANAGEMENT

1.3.3 Ensure AIDE is configured to verify ACLs - installed

CONFIGURATION MANAGEMENT

1.3.4 Ensure AIDE is configured to verify XATTRS - config

CONFIGURATION MANAGEMENT

1.3.4 Ensure AIDE is configured to verify XATTRS - installed

CONFIGURATION MANAGEMENT

1.3.5 Ensure AIDE is configured to use FIPS 140-2 - installed

CONFIGURATION MANAGEMENT

1.3.5 Ensure AIDE is configured to use FIPS 140-2 - sha512

CONFIGURATION MANAGEMENT

1.4.1 Ensure bootloader password is set - password efi grub

ACCESS CONTROL

1.4.1 Ensure bootloader password is set - password efi user

ACCESS CONTROL

1.4.1 Ensure bootloader password is set - password grub

ACCESS CONTROL

1.4.1 Ensure bootloader password is set - password user

ACCESS CONTROL

1.4.1 Ensure bootloader password is set - superusers efi

ACCESS CONTROL

1.4.1 Ensure bootloader password is set - superusers grub

ACCESS CONTROL

1.4.3 Ensure authentication required for single user mode

ACCESS CONTROL

1.4.4 Ensure boot loader does not allow removable media

CONFIGURATION MANAGEMENT

1.4.5 Ensure version 7.2 or newer booted with a BIOS have a unique name for the grub superusers account

ACCESS CONTROL

1.4.6 Ensure version 7.2 or newer booted with UEFI have a unique name for the grub superusers account - UEFI must have a unique name for the grub superusers account when booting into single-user mode and maintenance.

ACCESS CONTROL

1.5.3 Ensure address space layout randomization (ASLR) is enabled - config

CONFIGURATION MANAGEMENT

1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl

CONFIGURATION MANAGEMENT

1.5.5 Ensure number of concurrent sessions is limited

ACCESS CONTROL

1.5.6 Ensure the Ctrl-Alt-Delete key sequence is disabled - inactive

CONFIGURATION MANAGEMENT

1.5.6 Ensure the Ctrl-Alt-Delete key sequence is disabled - target

CONFIGURATION MANAGEMENT

1.5.7 Ensure kernel core dumps are disabled.

CONFIGURATION MANAGEMENT

1.5.8 Ensure DNS is servers are configured - immutable

CONFIGURATION MANAGEMENT

1.5.8 Ensure DNS is servers are configured - nameserver 1

CONFIGURATION MANAGEMENT

1.5.8 Ensure DNS is servers are configured - nameserver 2

CONFIGURATION MANAGEMENT