DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit

Audit Details

Name: DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit

Updated: 4/25/2022

Authority: DISA STIG

Plugin: Unix

Revision: 1.16

Estimated Item Count: 958

File Details

Filename: DISA_STIG_RHEL_5_v1r18.audit

Size: 1.62 MB

MD5: b994b6db16df2716967bf95764323078
SHA256: c6ba748254d4458e6186a77902c2ad27ec9f17015f1f83783621379996279bc7

Audit Items

DescriptionCategories
DISA_STIG_RHEL_5_v1r18.audit from DISA Red Hat Enterprise Linux 5 STIG v1r18
GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/passwd - halt'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/passwd - reboot'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/passwd - shutdown'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/shadow - halt'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/shadow - reboot'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

GEN000000-LNX00320 - The system must not have special privilege accounts, such as shutdown and halt - '/etc/shadow - shutdown'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

GEN000000-LNX00360 - The X server must have the correct options enabled - '-audit = 4'

CONFIGURATION MANAGEMENT

GEN000000-LNX00360 - The X server must have the correct options enabled - '-auth'

CONFIGURATION MANAGEMENT

GEN000000-LNX00360 - The X server must have the correct options enabled - '-s <= 15'

CONFIGURATION MANAGEMENT

GEN000000-LNX00360 - The X server must have the correct options enabled - ':0 /usr/bin/X:0'

CONFIGURATION MANAGEMENT

GEN000000-LNX00380 - An X server must have none of the following options enabled: -ac, -core (except for debugging) or -nolock - '-nolock'

CONFIGURATION MANAGEMENT

GEN000000-LNX00380 - An X server must have none of the following options enabled: -ac, -core (except for debugging), or -nolock - '-ac'

CONFIGURATION MANAGEMENT

GEN000000-LNX00380 - An X server must have none of the following options enabled: -ac, -core (except for debugging), or -nolock - '-core'

CONFIGURATION MANAGEMENT

GEN000000-LNX00400 - The /etc/security/access.conf file must be owned by root.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

GEN000000-LNX00420 - The /etc/security/access.conf file must have a privileged group owner.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

GEN000000-LNX00440 - The /etc/security/access.conf file must have mode 0640 or less permissive.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

GEN000000-LNX00450 - The /etc/security/access.conf file must not have an extended ACL.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

GEN000000-LNX00480 - The /etc/sysctl.conf file must be owned by root.

ACCESS CONTROL

GEN000000-LNX00500 - The /etc/sysctl.conf file must be group-owned by root.

ACCESS CONTROL

GEN000000-LNX00520 - The /etc/sysctl.conf file must have mode 0600 or less permissive.

ACCESS CONTROL

GEN000000-LNX00530 - The /etc/sysctl.conf file must not have an extended ACL.

ACCESS CONTROL

GEN000000-LNX00560 - The Linux NFS Server must not have the insecure file locking option.

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

GEN000000-LNX00580 - The x86 CTRL-ALT-DELETE key sequence must be disabled.

CONFIGURATION MANAGEMENT

GEN000000-LNX00600 - PAM system must not grant sole access to admin privileges to the first user who logs into the console.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

GEN000000-LNX00620 - The /etc/securetty file must be group-owned by root, sys, or bin.

ACCESS CONTROL

GEN000000-LNX00640 - The /etc/securetty file must be owned by root.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

GEN000000-LNX00660 - The /etc/securetty file must have mode 0640 or less permissive.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

GEN000000-LNX00720 - Auditing must be enabled at boot by setting a kernel parameter.

CONFIGURATION MANAGEMENT

GEN000000-LNX00800 - Use a Linux Security Module configured to limit privileges of system services - 'SELINUXTYPE = targeted or strict'

CONFIGURATION MANAGEMENT

GEN000000-LNX00800 - Use a Linux Security Module configured to limit the privileges of system services - 'SELINUX = enforcing'

CONFIGURATION MANAGEMENT

GEN000000-LNX001431 - The /etc/gshadow file must be owned by root.

ACCESS CONTROL

GEN000000-LNX001432 - The /etc/gshadow file must be group-owned by root.

ACCESS CONTROL

GEN000000-LNX001433 - The /etc/gshadow file must have mode 0400.

ACCESS CONTROL

GEN000000-LNX001434 - The /etc/gshadow file must not have an extended ACL.

ACCESS CONTROL

GEN000000-LNX001476 - The /etc/gshadow file must not contain any group password hashes.

CONFIGURATION MANAGEMENT

GEN000020 - The system must require authentication upon booting into single-user and maintenance modes.

ACCESS CONTROL

GEN000100 - The operating system must be a supported release.

SYSTEM AND INFORMATION INTEGRITY

GEN000120 - System security patches and updates must be installed and up-to-date.

SYSTEM AND INFORMATION INTEGRITY

GEN000140-2 - A file integrity baseline including cryptographic hashes must be created and maintained - '/etc/aide.conf must exist'

CONFIGURATION MANAGEMENT

GEN000140-2 - A file integrity baseline including cryptographic hashes must be created and maintained - 'cryptographic hash is used '

CONFIGURATION MANAGEMENT

GEN000140-2 - A file integrity baseline including cryptographic hashes must be created and maintained - 'database location'

CONFIGURATION MANAGEMENT

GEN000140-3 - A file integrity baseline including cryptographic hashes must be maintained - 'database has been configured'

CONFIGURATION MANAGEMENT

GEN000140-3 - A file integrity baseline including cryptographic hashes must be maintained. - '/etc/aide.conf exists'

CONFIGURATION MANAGEMENT

GEN000220 - A file integrity tool must be used at least weekly to check for unauthorized file changes.

RISK ASSESSMENT

GEN000240 - The system clock must be synchronized to an authoritative DoD time source.

AUDIT AND ACCOUNTABILITY

GEN000241 - The system clock must be synchronized continuously - 'maxpoll 10'

CONFIGURATION MANAGEMENT

GEN000241 - The system clock must be synchronized continuously.

CONFIGURATION MANAGEMENT

GEN000242 - The system must use at least two time sources for clock synchronization - '/etc/ntp.conf'

AUDIT AND ACCOUNTABILITY

GEN000242 - The system must use at least two time sources for clock synchronization - 'cron jobs'

AUDIT AND ACCOUNTABILITY