May 27, 2022 Miscellaneous- Audit deprecated.
- Metadata updated.
- References updated.
|
Apr 25, 2022 Miscellaneous- Metadata updated.
- References updated.
|
Jul 30, 2021 Miscellaneous- Metadata updated.
- References updated.
|
Jun 17, 2021 Miscellaneous- Metadata updated.
- References updated.
|
Mar 22, 2021 Functional Update- OL6-00-000050 - The system must require passwords to contain a minimum of 15 characters - /etc/pam.d/*
- OL6-00-000133 - All rsyslog-generated log files must be owned by root.
- OL6-00-000134 - All rsyslog-generated log files must be group-owned by root.
- OL6-00-000135 - All rsyslog-generated log files must have mode 0600 or less permissive.
Miscellaneous- References updated.
- Variables updated.
|
Feb 1, 2021 Miscellaneous- Metadata updated.
- References updated.
|
Oct 5, 2020 Functional Update- OL6-00-000079 - The system must limit the ability of processes to have simultaneous write and execute access to memory.
- OL6-00-000099 - The system must ignore ICMPv6 redirects by default.
- OL6-00-000103 - The system must employ a local IPv6 firewall.
- OL6-00-000106 - The operating system must connect to external networks or information systems only through managed IPv6 interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.
- OL6-00-000107 - The operating system must prevent public IPv6 access into an organizations internal networks, except as appropriately mediated by managed interfaces employing boundary protection devices.
- OL6-00-000165 - The audit system must be configured to audit all attempts to alter system time through adjtimex - b64
- OL6-00-000167 - The audit system must be configured to audit all attempts to alter system time through settimeofday - b64
- OL6-00-000171 - The audit system must be configured to audit all attempts to alter system time through clock_settime - b64
- OL6-00-000182 - The audit system must be configured to audit modifications to the systems network configuration - 'setdomainname'
- OL6-00-000182 - The audit system must be configured to audit modifications to the systems network configuration - 'sethostname'
- OL6-00-000184 - The audit system must be configured to audit all discretionary access control permission modifications using chmod - b64 auid=0
- OL6-00-000184 - The audit system must be configured to audit all discretionary access control permission modifications using chmod - b64 auid>=500
- OL6-00-000185 - The audit system must be configured to audit all discretionary access control permission modifications using chown - b64 auid=0
- OL6-00-000185 - The audit system must be configured to audit all discretionary access control permission modifications using chown - b64 auid>=500
- OL6-00-000186 - The audit system must be configured to audit all discretionary access control permission modifications using fchmod - b64 auid=0
- OL6-00-000186 - The audit system must be configured to audit all discretionary access control permission modifications using fchmod - b64 auid>=500
- OL6-00-000187 - The audit system must be configured to audit all discretionary access control permission modifications using fchmodat - b64 auid=0
- OL6-00-000187 - The audit system must be configured to audit all discretionary access control permission modifications using fchmodat - b64 auid>=500
- OL6-00-000188 - The audit system must be configured to audit all discretionary access control permission modifications using fchown - b64 auid=0
- OL6-00-000188 - The audit system must be configured to audit all discretionary access control permission modifications using fchown - b64 auid>=500
- OL6-00-000189 - The audit system must be configured to audit all discretionary access control permission modifications using fchownat - b64 auid=0
- OL6-00-000189 - The audit system must be configured to audit all discretionary access control permission modifications using fchownat - b64 auid>=500
- OL6-00-000190 - The audit system must be configured to audit all discretionary access control permission modifications using fremovexattr - b64 auid=0
- OL6-00-000190 - The audit system must be configured to audit all discretionary access control permission modifications using fremovexattr - b64 auid>=500
- OL6-00-000191 - The audit system must be configured to audit all discretionary access control permission modifications using fsetxattr - b64 auid=0
- OL6-00-000191 - The audit system must be configured to audit all discretionary access control permission modifications using fsetxattr - b64 auid>=500
- OL6-00-000192 - The audit system must be configured to audit all discretionary access control permission modifications using lchown - b64 auid=0
- OL6-00-000192 - The audit system must be configured to audit all discretionary access control permission modifications using lchown - b64 auid>=500
- OL6-00-000193 - The audit system must be configured to audit all discretionary access control permission modifications using lremovexattr - b64 auid=0
- OL6-00-000193 - The audit system must be configured to audit all discretionary access control permission modifications using lremovexattr - b64 auid>=500
- OL6-00-000194 - The audit system must be configured to audit all discretionary access control permission modifications using lsetxattr - b64 auid=0
- OL6-00-000194 - The audit system must be configured to audit all discretionary access control permission modifications using lsetxattr - b64 auid>=500
- OL6-00-000195 - The audit system must be configured to audit all discretionary access control permission modifications using removexattr - b64 auid=0
- OL6-00-000195 - The audit system must be configured to audit all discretionary access control permission modifications using removexattr - b64 auid>=500
- OL6-00-000196 - The audit system must be configured to audit all discretionary access control permission modifications using setxattr - b64 auid=0
- OL6-00-000196 - The audit system must be configured to audit all discretionary access control permission modifications using setxattr - b64 auid>=500
- OL6-00-000197 - The audit system must be configured to audit failed attempts to access files and programs - EACCES auid=0
- OL6-00-000197 - The audit system must be configured to audit failed attempts to access files and programs - EACCES auid>=500
- OL6-00-000197 - The audit system must be configured to audit failed attempts to access files and programs - EPERM auid=0
- OL6-00-000197 - The audit system must be configured to audit failed attempts to access files and programs - EPERM auid>=500
- OL6-00-000199 - The audit system must be configured to audit successful file system mounts - auid=0
- OL6-00-000199 - The audit system must be configured to audit successful file system mounts - auid>=500
- OL6-00-000200 - The audit system must be configured to audit user deletions of files and programs - 'rename' auid=0
- OL6-00-000200 - The audit system must be configured to audit user deletions of files and programs - 'rename' auid>=500
- OL6-00-000200 - The audit system must be configured to audit user deletions of files and programs - 'renameat' auid=0
- OL6-00-000200 - The audit system must be configured to audit user deletions of files and programs - 'renameat' auid>=500
- OL6-00-000200 - The audit system must be configured to audit user deletions of files and programs - 'rmdir' auid=0
- OL6-00-000200 - The audit system must be configured to audit user deletions of files and programs - 'rmdir' auid>=500
- OL6-00-000200 - The audit system must be configured to audit user deletions of files and programs - 'unlink' auid=0
- OL6-00-000200 - The audit system must be configured to audit user deletions of files and programs - 'unlink' auid>=500
- OL6-00-000200 - The audit system must be configured to audit user deletions of files and programs - 'unlinkat' auid=0
- OL6-00-000200 - The audit system must be configured to audit user deletions of files and programs - 'unlinkat' auid>=500
- OL6-00-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - delete_module
- OL6-00-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - init_module
- OL6-00-000257 - The graphical desktop environment must set the idle timeout to no more than 15 minutes.
- OL6-00-000258 - The graphical desktop environment must automatically lock after 15 minutes of inactivity and the system must require user reauthentication to unlock the environment.
- OL6-00-000259 - The graphical desktop environment must have automatic lock enabled.
- OL6-00-000260 - The system must display a publicly-viewable pattern during a graphical desktop environment session lock.
- OL6-00-000324 - A login banner must be displayed immediately prior to, or as part of, graphical desktop environment login prompts.
- OL6-00-000326 - The Department of Defense (DoD) login banner must be displayed immediately prior to, or as part of, graphical desktop environment login prompts.
- OL6-00-000338 - The TFTP daemon must operate in secure mode which provides access only to a single directory on the host file system.
- OL6-00-000339 - The FTP daemon must be configured for logging or verbose mode - 'log_ftp_protocol'
- OL6-00-000339 - The FTP daemon must be configured for logging or verbose mode - 'xferlog_enable'
- OL6-00-000339 - The FTP daemon must be configured for logging or verbose mode - 'xferlog_std_format'
- OL6-00-000348 - The FTPS/FTP service on the system must be configured with the Department of Defense (DoD) login banner.
- OL6-00-000508 - The system must allow locking of graphical desktop sessions.
- OL6-00-000523 - The systems local IPv6 firewall must implement a deny-all, allow-by-exception policy for inbound packets.
- OL6-00-000527 - The login user list must be disabled.
- OL6-00-000534 - The Oracle Linux 6 operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
|
Sep 29, 2020 |
