Detections
Analytics

DISA Oracle Linux 9 STIG v1r2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Oracle Linux 9 STIG v1r2

Updated: 12/19/2025

Authority: DISA STIG

Plugin: Unix

Revision: 1.2

Estimated Item Count: 457

File Details

Filename: DISA_STIG_Oracle_Linux_9_v1r2.audit

Size: 839 kB

MD5: 9c87d8b44e2be3748a012824cc1ea7d5
SHA256: 320b578d320b6211af5cf65af028edf46e91feb1c28fbb6c77b6a3e3c443f7bb

Audit Items

DescriptionCategories
DISA_Oracle_Linux_9_STIG_v1r2.audit from DISA Oracle Linux 9 STIG v1r2
OL09-00-000001 - The OL 9 operating system must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest.
OL09-00-000002 - OL 9 must use a separate file system for the system audit data path.
OL09-00-000003 - OL 9 must be configured so that a separate file system must be used for user home directories (such as /home or an equivalent).
OL09-00-000004 - OL 9 must use a separate file system for /tmp.
OL09-00-000005 - OL 9 must use a separate file system for /var.
OL09-00-000006 - OL 9 must use a separate file system for /var/log.
OL09-00-000007 - OL 9 must use a separate file system for /var/tmp.
OL09-00-000010 - OL 9 must be a vendor supported release.
OL09-00-000015 - OL 9 vendor packaged system security patches and updates must be installed and up to date.
OL09-00-000020 - OL 9 must be configured so that the graphical display manager is not the default target unless approved.
OL09-00-000025 - OL 9 must require authentication to access emergency mode.
OL09-00-000030 - OL 9 must require authentication to access single-user mode.
OL09-00-000040 - OL 9 must be configured to disable the Asynchronous Transfer Mode (ATM) kernel module.
OL09-00-000041 - OL 9 must be configured to disable the Controller Area Network (CAN) kernel module.
OL09-00-000042 - OL 9 must be configured to disable the FireWire kernel module.
OL09-00-000043 - OL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.
OL09-00-000044 - OL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.
OL09-00-000045 - OL 9 must disable mounting of cramfs.
OL09-00-000046 - OL 9 Bluetooth must be disabled.
OL09-00-000047 - OL 9 must be configured to disable USB mass storage.
OL09-00-000050 - OL 9 must require a unique superuser's name upon booting into single-user and maintenance modes.
OL09-00-000060 - OL 9 must use a Linux Security Module configured to enforce limits on system services.
OL09-00-000065 - OL 9 must enable the SELinux targeted policy.
OL09-00-000070 - OL 9 must enable FIPS mode.
OL09-00-000090 - OL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.
OL09-00-000100 - OL 9 must not have the nfs-utils package installed.
OL09-00-000105 - OL 9 must not have the rsh-server package installed.
OL09-00-000110 - OL 9 must not have the telnet-server package installed.
OL09-00-000115 - OL 9 must not have the gssproxy package installed.
OL09-00-000120 - OL 9 must not have the iprutils package installed.
OL09-00-000125 - OL 9 must not have the tuned package installed.
OL09-00-000130 - OL 9 must not have a File Transfer Protocol (FTP) server package installed.
OL09-00-000135 - OL 9 must not have a Trivial File Transfer Protocol (TFTP) server package installed.
OL09-00-000140 - OL 9 must not have the quagga package installed.
OL09-00-000145 - OL 9 must not have a graphical display manager installed unless approved.
OL09-00-000150 - OL 9 must not have the sendmail package installed.
OL09-00-000200 - OL 9 must have policycoreutils package installed.
OL09-00-000210 - OL 9 policycoreutils-python-utils package must be installed.
OL09-00-000220 - OL 9 must have the firewalld package installed.
OL09-00-000221 - OL 9 must be configured so that the firewalld service is active.
OL09-00-000222 - OL 9 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.
OL09-00-000223 - OL 9 must control remote access methods.
OL09-00-000224 - OL 9 must be configured so that the firewall employs a deny-all, allow-by-exception policy for allowing connections to other systems.
OL09-00-000230 - OL 9 must have the sudo package installed.
OL09-00-000231 - OL 9 must use the invoking user's password for privilege escalation when using sudo.
OL09-00-000232 - OL 9 must restrict privilege elevation to authorized personnel.
OL09-00-000240 - OL 9 must have the crypto-policies package installed.
OL09-00-000241 - OL 9 must implement a FIPS 140-3 compliant system-wide cryptographic policy.
OL09-00-000242 - OL 9 must not allow the cryptographic policy to be overridden.