DISA_Oracle_Linux_9_STIG_v1r2.audit from DISA Oracle Linux 9 STIG v1r2
OL09-00-000001 - The OL 9 operating system must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest. | SYSTEM AND COMMUNICATIONS PROTECTION |
OL09-00-000002 - OL 9 must use a separate file system for the system audit data path. | AUDIT AND ACCOUNTABILITY |
OL09-00-000003 - OL 9 must be configured so that a separate file system must be used for user home directories (such as /home or an equivalent). | CONFIGURATION MANAGEMENT |
OL09-00-000004 - OL 9 must use a separate file system for /tmp. | CONFIGURATION MANAGEMENT |
OL09-00-000005 - OL 9 must use a separate file system for /var. | CONFIGURATION MANAGEMENT |
OL09-00-000006 - OL 9 must use a separate file system for /var/log. | CONFIGURATION MANAGEMENT |
OL09-00-000007 - OL 9 must use a separate file system for /var/tmp. | CONFIGURATION MANAGEMENT |
OL09-00-000010 - OL 9 must be a vendor supported release. | SYSTEM AND INFORMATION INTEGRITY |
OL09-00-000015 - OL 9 vendor packaged system security patches and updates must be installed and up to date. | CONFIGURATION MANAGEMENT |
OL09-00-000020 - OL 9 must be configured so that the graphical display manager is not the default target unless approved. | CONFIGURATION MANAGEMENT |
OL09-00-000025 - OL 9 must require authentication to access emergency mode. | ACCESS CONTROL |
OL09-00-000030 - OL 9 must require authentication to access single-user mode. | ACCESS CONTROL |
OL09-00-000040 - OL 9 must be configured to disable the Asynchronous Transfer Mode (ATM) kernel module. | CONFIGURATION MANAGEMENT |
OL09-00-000041 - OL 9 must be configured to disable the Controller Area Network (CAN) kernel module. | CONFIGURATION MANAGEMENT |
OL09-00-000042 - OL 9 must be configured to disable the FireWire kernel module. | CONFIGURATION MANAGEMENT |
OL09-00-000043 - OL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module. | CONFIGURATION MANAGEMENT |
OL09-00-000044 - OL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module. | CONFIGURATION MANAGEMENT |
OL09-00-000045 - OL 9 must disable mounting of cramfs. | CONFIGURATION MANAGEMENT |
OL09-00-000046 - OL 9 Bluetooth must be disabled. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
OL09-00-000047 - OL 9 must be configured to disable USB mass storage. | IDENTIFICATION AND AUTHENTICATION |
OL09-00-000050 - OL 9 must require a unique superuser's name upon booting into single-user and maintenance modes. | ACCESS CONTROL |
OL09-00-000060 - OL 9 must use a Linux Security Module configured to enforce limits on system services. | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
OL09-00-000065 - OL 9 must enable the SELinux targeted policy. | SYSTEM AND INFORMATION INTEGRITY |
OL09-00-000070 - OL 9 must enable FIPS mode. | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
OL09-00-000090 - OL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon. | ACCESS CONTROL |
OL09-00-000100 - OL 9 must not have the nfs-utils package installed. | CONFIGURATION MANAGEMENT |
OL09-00-000105 - OL 9 must not have the rsh-server package installed. | CONFIGURATION MANAGEMENT |
OL09-00-000110 - OL 9 must not have the telnet-server package installed. | CONFIGURATION MANAGEMENT |
OL09-00-000115 - OL 9 must not have the gssproxy package installed. | CONFIGURATION MANAGEMENT |
OL09-00-000120 - OL 9 must not have the iprutils package installed. | CONFIGURATION MANAGEMENT |
OL09-00-000125 - OL 9 must not have the tuned package installed. | CONFIGURATION MANAGEMENT |
OL09-00-000130 - OL 9 must not have a File Transfer Protocol (FTP) server package installed. | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
OL09-00-000135 - OL 9 must not have a Trivial File Transfer Protocol (TFTP) server package installed. | CONFIGURATION MANAGEMENT |
OL09-00-000140 - OL 9 must not have the quagga package installed. | CONFIGURATION MANAGEMENT |
OL09-00-000145 - OL 9 must not have a graphical display manager installed unless approved. | CONFIGURATION MANAGEMENT |
OL09-00-000150 - OL 9 must not have the sendmail package installed. | CONFIGURATION MANAGEMENT |
OL09-00-000200 - OL 9 must have policycoreutils package installed. | SYSTEM AND COMMUNICATIONS PROTECTION |
OL09-00-000210 - OL 9 policycoreutils-python-utils package must be installed. | CONFIGURATION MANAGEMENT |
OL09-00-000220 - OL 9 must have the firewalld package installed. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
OL09-00-000221 - OL 9 must be configured so that the firewalld service is active. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
OL09-00-000222 - OL 9 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments. | CONFIGURATION MANAGEMENT |
OL09-00-000223 - OL 9 must control remote access methods. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
OL09-00-000224 - OL 9 must be configured so that the firewall employs a deny-all, allow-by-exception policy for allowing connections to other systems. | CONFIGURATION MANAGEMENT |
OL09-00-000230 - OL 9 must have the sudo package installed. | ACCESS CONTROL |
OL09-00-000231 - OL 9 must use the invoking user's password for privilege escalation when using sudo. | CONFIGURATION MANAGEMENT |
OL09-00-000232 - OL 9 must restrict privilege elevation to authorized personnel. | CONFIGURATION MANAGEMENT |
OL09-00-000240 - OL 9 must have the crypto-policies package installed. | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
OL09-00-000241 - OL 9 must implement a FIPS 140-3 compliant system-wide cryptographic policy. | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
OL09-00-000242 - OL 9 must not allow the cryptographic policy to be overridden. | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |