DISA STIG Oracle Linux 6 v2r6

Audit Details

Name: DISA STIG Oracle Linux 6 v2r6

Updated: 7/27/2022

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 380

File Details

Filename: DISA_STIG_Oracle_Linux_6_v2r6.audit

Size: 684 kB

MD5: 7cc4b89dbc6f7bc98f12cc6bb1b5f220
SHA256: f7873427c36785f9318a62f82b694942e76ec30828d76f06e3334d217e38f1c4

Audit Items

DescriptionCategories
DISA_STIG_Oracle_Linux_6_v2r6.audit from DISA Oracle Linux 6 v2r6 STIG
OL6-00-000001 - The system must use a separate file system for /tmp.

CONFIGURATION MANAGEMENT

OL6-00-000002 - The system must use a separate file system for /var.

CONFIGURATION MANAGEMENT

OL6-00-000003 - The system must use a separate file system for /var/log.

CONFIGURATION MANAGEMENT

OL6-00-000004 - The system must use a separate file system for the system audit data path.

CONFIGURATION MANAGEMENT

OL6-00-000005 - The audit system must alert designated staff members when the audit storage volume approaches capacity.

AUDIT AND ACCOUNTABILITY

OL6-00-000007 - The system must use a separate file system for user home directories.

CONFIGURATION MANAGEMENT

OL6-00-000008 - Vendor-provided cryptographic certificates must be installed to verify the integrity of system software.

CONFIGURATION MANAGEMENT

OL6-00-000009 - The Red Hat Network Service (rhnsd) service must not be running, unless it is being used to query the Oracle Unbreakable Linux Network for updates and information - CHKCONFIG

CONFIGURATION MANAGEMENT

OL6-00-000009 - The Red Hat Network Service (rhnsd) service must not be running, unless it is being used to query the Oracle Unbreakable Linux Network for updates and information - PROCESS_CHECK

CONFIGURATION MANAGEMENT

OL6-00-000010 - The Oracle Linux operating system must be a vendor-supported release.

CONFIGURATION MANAGEMENT

OL6-00-000011 - System security patches and updates must be installed and up-to-date.

SYSTEM AND INFORMATION INTEGRITY

OL6-00-000013 - The system package management tool must cryptographically verify the authenticity of system software packages during installation.

CONFIGURATION MANAGEMENT

OL6-00-000015 - The system package management tool must cryptographically verify the authenticity of all software packages during installation.

CONFIGURATION MANAGEMENT

OL6-00-000016 - A file integrity tool must be installed.

CONFIGURATION MANAGEMENT

OL6-00-000017 - The system must use a Linux Security Module at boot time.

CONFIGURATION MANAGEMENT

OL6-00-000018 - A file integrity baseline must be created.

CONFIGURATION MANAGEMENT

OL6-00-000019 - There must be no .rhosts or hosts.equiv files on the system - '/etc/hosts.equiv'

CONFIGURATION MANAGEMENT

OL6-00-000019 - There must be no .rhosts or hosts.equiv files on the system - '~/.rhosts'

CONFIGURATION MANAGEMENT

OL6-00-000020 - The system must use a Linux Security Module configured to enforce limits on system services.

CONFIGURATION MANAGEMENT

OL6-00-000021 - The Oracle Linux operating system must not contain .shosts or shosts.equiv files.

CONFIGURATION MANAGEMENT

OL6-00-000023 - The system must use a Linux Security Module configured to limit the privileges of system services.

CONFIGURATION MANAGEMENT

OL6-00-000025 - All device files must be monitored by the system Linux Security Module.

CONFIGURATION MANAGEMENT

OL6-00-000027 - The system must prevent the root account from logging in from virtual consoles.

IDENTIFICATION AND AUTHENTICATION

OL6-00-000028 - The system must prevent the root account from logging in from serial consoles.

IDENTIFICATION AND AUTHENTICATION

OL6-00-000029 - Default operating system accounts, other than root, must be locked.

CONFIGURATION MANAGEMENT

OL6-00-000030 - The system must not allow accounts configured with blank or null passwords - password-auth

CONFIGURATION MANAGEMENT

OL6-00-000030 - The system must not allow accounts configured with blank or null passwords - system-auth

CONFIGURATION MANAGEMENT

OL6-00-000031 - The /etc/passwd file must not contain password hashes.

CONFIGURATION MANAGEMENT

OL6-00-000032 - The root account must be the only account having a UID of 0.

CONFIGURATION MANAGEMENT

OL6-00-000033 - The /etc/shadow file must be owned by root.

CONFIGURATION MANAGEMENT

OL6-00-000034 - The /etc/shadow file must be group-owned by root.

CONFIGURATION MANAGEMENT

OL6-00-000035 - The /etc/shadow file must have mode 0000.

CONFIGURATION MANAGEMENT

OL6-00-000036 - The /etc/gshadow file must be owned by root.

CONFIGURATION MANAGEMENT

OL6-00-000037 - The /etc/gshadow file must be group-owned by root.

CONFIGURATION MANAGEMENT

OL6-00-000038 - The /etc/gshadow file must have mode 0000.

CONFIGURATION MANAGEMENT

OL6-00-000039 - The /etc/passwd file must be owned by root.

CONFIGURATION MANAGEMENT

OL6-00-000040 - The /etc/passwd file must be group-owned by root.

CONFIGURATION MANAGEMENT

OL6-00-000041 - The /etc/passwd file must have mode 0644 or less permissive.

CONFIGURATION MANAGEMENT

OL6-00-000042 - The /etc/group file must be owned by root.

CONFIGURATION MANAGEMENT

OL6-00-000043 - The /etc/group file must be group-owned by root.

CONFIGURATION MANAGEMENT

OL6-00-000044 - The /etc/group file must have mode 0644 or less permissive.

CONFIGURATION MANAGEMENT

OL6-00-000045 - Library files must have mode 0755 or less permissive - '/lib'

CONFIGURATION MANAGEMENT

OL6-00-000045 - Library files must have mode 0755 or less permissive - '/lib64'

CONFIGURATION MANAGEMENT

OL6-00-000045 - Library files must have mode 0755 or less permissive - '/usr/lib'

CONFIGURATION MANAGEMENT

OL6-00-000045 - Library files must have mode 0755 or less permissive - '/usr/lib64'

CONFIGURATION MANAGEMENT

OL6-00-000046 - Library files must be owned by a system account - '/lib'

CONFIGURATION MANAGEMENT

OL6-00-000046 - Library files must be owned by a system account - '/lib64'

CONFIGURATION MANAGEMENT

OL6-00-000046 - Library files must be owned by a system account - '/usr/lib'

CONFIGURATION MANAGEMENT

OL6-00-000046 - Library files must be owned by a system account - '/usr/lib64'

CONFIGURATION MANAGEMENT