DISA Oracle Linux 9 STIG v1r2

Audit Details

Name: DISA Oracle Linux 9 STIG v1r2

Updated: 9/16/2025

Authority: DISA STIG

Plugin: Unix

Revision: 1.0

Estimated Item Count: 457

File Details

Filename: DISA_STIG_Oracle_Linux_9_v1r2.audit

Size: 1.05 MB

MD5: a6c4cc3d54eaa2aa82762bddcbd8e2f6
SHA256: 40a6ad24a2a898a653fa03ba5e5065e7c9b1e79f93f8c074fb0aae2d2bfb856f

Audit Items

Description / Categories
DISA_Oracle_Linux_9_STIG_v1r2.audit from DISA Oracle Linux 9 STIG v1r2
OL09-00-000001 - The OL 9 operating system must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest.

SYSTEM AND COMMUNICATIONS PROTECTION

OL09-00-000002 - OL 9 must use a separate file system for the system audit data path.

AUDIT AND ACCOUNTABILITY

OL09-00-000003 - OL 9 must be configured so that a separate file system must be used for user home directories (such as /home or an equivalent).

CONFIGURATION MANAGEMENT

OL09-00-000004 - OL 9 must use a separate file system for /tmp.

CONFIGURATION MANAGEMENT

OL09-00-000005 - OL 9 must use a separate file system for /var.

CONFIGURATION MANAGEMENT

OL09-00-000006 - OL 9 must use a separate file system for /var/log.

CONFIGURATION MANAGEMENT

OL09-00-000007 - OL 9 must use a separate file system for /var/tmp.

CONFIGURATION MANAGEMENT

OL09-00-000010 - OL 9 must be a vendor supported release.

SYSTEM AND INFORMATION INTEGRITY

OL09-00-000015 - OL 9 vendor packaged system security patches and updates must be installed and up to date.

CONFIGURATION MANAGEMENT

OL09-00-000020 - OL 9 must be configured so that the graphical display manager is not the default target unless approved.

CONFIGURATION MANAGEMENT

OL09-00-000025 - OL 9 must require authentication to access emergency mode.

ACCESS CONTROL

OL09-00-000030 - OL 9 must require authentication to access single-user mode.

ACCESS CONTROL

OL09-00-000040 - OL 9 must be configured to disable the Asynchronous Transfer Mode (ATM) kernel module.

CONFIGURATION MANAGEMENT

OL09-00-000041 - OL 9 must be configured to disable the Controller Area Network (CAN) kernel module.

CONFIGURATION MANAGEMENT

OL09-00-000042 - OL 9 must be configured to disable the FireWire kernel module.

CONFIGURATION MANAGEMENT

OL09-00-000043 - OL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.

CONFIGURATION MANAGEMENT

OL09-00-000044 - OL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.

CONFIGURATION MANAGEMENT

OL09-00-000045 - OL 9 must disable mounting of cramfs.

CONFIGURATION MANAGEMENT

OL09-00-000046 - OL 9 Bluetooth must be disabled.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

OL09-00-000047 - OL 9 must be configured to disable USB mass storage.

IDENTIFICATION AND AUTHENTICATION

OL09-00-000050 - OL 9 must require a unique superuser's name upon booting into single-user and maintenance modes.

ACCESS CONTROL

OL09-00-000060 - OL 9 must use a Linux Security Module configured to enforce limits on system services.

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

OL09-00-000065 - OL 9 must enable the SELinux targeted policy.

SYSTEM AND INFORMATION INTEGRITY

OL09-00-000070 - OL 9 must enable FIPS mode.

ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

OL09-00-000090 - OL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.

ACCESS CONTROL

OL09-00-000100 - OL 9 must not have the nfs-utils package installed.

CONFIGURATION MANAGEMENT

OL09-00-000105 - OL 9 must not have the rsh-server package installed.

CONFIGURATION MANAGEMENT

OL09-00-000110 - OL 9 must not have the telnet-server package installed.

CONFIGURATION MANAGEMENT

OL09-00-000115 - OL 9 must not have the gssproxy package installed.

CONFIGURATION MANAGEMENT

OL09-00-000120 - OL 9 must not have the iprutils package installed.

CONFIGURATION MANAGEMENT

OL09-00-000125 - OL 9 must not have the tuned package installed.

CONFIGURATION MANAGEMENT

OL09-00-000130 - OL 9 must not have a File Transfer Protocol (FTP) server package installed.

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

OL09-00-000135 - OL 9 must not have a Trivial File Transfer Protocol (TFTP) server package installed.

CONFIGURATION MANAGEMENT

OL09-00-000140 - OL 9 must not have the quagga package installed.

CONFIGURATION MANAGEMENT

OL09-00-000145 - OL 9 must not have a graphical display manager installed unless approved.

CONFIGURATION MANAGEMENT

OL09-00-000150 - OL 9 must not have the sendmail package installed.

CONFIGURATION MANAGEMENT

OL09-00-000200 - OL 9 must have policycoreutils package installed.

SYSTEM AND COMMUNICATIONS PROTECTION

OL09-00-000210 - OL 9 policycoreutils-python-utils package must be installed.

CONFIGURATION MANAGEMENT

OL09-00-000220 - OL 9 must have the firewalld package installed.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

OL09-00-000221 - OL 9 must be configured so that the firewalld service is active.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

OL09-00-000222 - OL 9 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.

CONFIGURATION MANAGEMENT

OL09-00-000223 - OL 9 must control remote access methods.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

OL09-00-000224 - OL 9 must be configured so that the firewall employs a deny-all, allow-by-exception policy for allowing connections to other systems.

CONFIGURATION MANAGEMENT

OL09-00-000230 - OL 9 must have the sudo package installed.

ACCESS CONTROL

OL09-00-000231 - OL 9 must use the invoking user's password for privilege escalation when using sudo.

CONFIGURATION MANAGEMENT

OL09-00-000232 - OL 9 must restrict privilege elevation to authorized personnel.

CONFIGURATION MANAGEMENT

OL09-00-000240 - OL 9 must have the crypto-policies package installed.

MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

OL09-00-000241 - OL 9 must implement a FIPS 140-3 compliant system-wide cryptographic policy.

MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION

OL09-00-000242 - OL 9 must not allow the cryptographic policy to be overridden.

MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION