DISA_STIG_Red_Hat_Enterprise_Linux_7_v3r10.audit from DISA Red Hat Enterprise Linux 7 v3r10 STIG

RHEL-07-010010 - The Red Hat Enterprise Linux operating system must be configured so that the file permissions, ownership, and group membership of system files and commands match the vendor values.

CAT|I

CCI|CCI-001494

CCI|CCI-001496

CCI|CCI-002165

CCI|CCI-002235

Rule-ID|SV-204392r880752_rule

STIG-ID|RHEL-07-010010

STIG-Legacy|SV-86473

STIG-Legacy|V-71849

Vuln-ID|V-204392

RHEL-07-010020 - The Red Hat Enterprise Linux operating system must be configured so that the cryptographic hash of system files and commands matches vendor values.

CCI|CCI-001749

Rule-ID|SV-214799r854001_rule

STIG-ID|RHEL-07-010020

STIG-Legacy|SV-86479

STIG-Legacy|V-71855

Vuln-ID|V-214799

RHEL-07-010030 - The Red Hat Enterprise Linux operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.

CAT|II

CCI|CCI-000048

Rule-ID|SV-204393r603261_rule

STIG-ID|RHEL-07-010030

STIG-Legacy|SV-86483

STIG-Legacy|V-71859

Vuln-ID|V-204393

RHEL-07-010040 - The Red Hat Enterprise Linux operating system must display the approved Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.

Rule-ID|SV-204394r603261_rule

STIG-ID|RHEL-07-010040

STIG-Legacy|SV-86485

STIG-Legacy|V-71861

Vuln-ID|V-204394

RHEL-07-010050 - The Red Hat Enterprise Linux operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon.

Rule-ID|SV-204395r603261_rule

STIG-ID|RHEL-07-010050

STIG-Legacy|SV-86487

STIG-Legacy|V-71863

Vuln-ID|V-204395

RHEL-07-010060 - The Red Hat Enterprise Linux operating system must enable a user session lock until that user re-establishes access using established identification and authentication procedures.

CCI|CCI-000056

Rule-ID|SV-204396r880746_rule

STIG-ID|RHEL-07-010060

STIG-Legacy|SV-86515

STIG-Legacy|V-71891

Vuln-ID|V-204396

RHEL-07-010061 - The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate users using multifactor authentication via a graphical user logon.

CCI|CCI-001948

CCI|CCI-001953

CCI|CCI-001954

Rule-ID|SV-204397r853879_rule

STIG-ID|RHEL-07-010061

STIG-Legacy|SV-92515

STIG-Legacy|V-77819

Vuln-ID|V-204397

RHEL-07-010062 - The Red Hat Enterprise Linux operating system must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.

CCI|CCI-000057

Rule-ID|SV-214937r880767_rule

STIG-ID|RHEL-07-010062

STIG-Legacy|SV-93701

STIG-Legacy|V-78995

Vuln-ID|V-214937

RHEL-07-010070 - The Red Hat Enterprise Linux operating system must initiate a screensaver after a 15-minute period of inactivity for graphical user interfaces.

Rule-ID|SV-204398r880770_rule

STIG-ID|RHEL-07-010070

STIG-Legacy|SV-86517

STIG-Legacy|V-71893

Vuln-ID|V-204398

RHEL-07-010081 - The Red Hat Enterprise Linux operating system must prevent a user from overriding the screensaver lock-delay setting for the graphical user interface.

Rule-ID|SV-204399r880773_rule

STIG-ID|RHEL-07-010081

STIG-Legacy|SV-87807

STIG-Legacy|V-73155

Vuln-ID|V-204399

RHEL-07-010082 - The Red Hat Enterprise Linux operating system must prevent a user from overriding the session idle-delay setting for the graphical user interface.

Rule-ID|SV-204400r880776_rule

STIG-ID|RHEL-07-010082

STIG-Legacy|SV-87809

STIG-Legacy|V-73157

Vuln-ID|V-204400

RHEL-07-010090 - The Red Hat Enterprise Linux operating system must have the screen package installed.

Rule-ID|SV-255926r880779_rule

STIG-ID|RHEL-07-010090

Vuln-ID|V-255926

RHEL-07-010100 - The Red Hat Enterprise Linux operating system must initiate a session lock for the screensaver after a period of inactivity for graphical user interfaces.

Rule-ID|SV-204402r880782_rule

STIG-ID|RHEL-07-010100

STIG-Legacy|SV-86523

STIG-Legacy|V-71899

Vuln-ID|V-204402

RHEL-07-010101 - The Red Hat Enterprise Linux operating system must prevent a user from overriding the screensaver idle-activation-enabled setting for the graphical user interface.

Rule-ID|SV-204403r880785_rule

STIG-ID|RHEL-07-010101

STIG-Legacy|SV-93703

STIG-Legacy|V-78997

Vuln-ID|V-204403

RHEL-07-010110 - The Red Hat Enterprise Linux operating system must initiate a session lock for graphical user interfaces when the screensaver is activated.

Rule-ID|SV-204404r880788_rule

STIG-ID|RHEL-07-010110

STIG-Legacy|SV-86525

STIG-Legacy|V-71901

Vuln-ID|V-204404

RHEL-07-010118 - The Red Hat Enterprise Linux operating system must be configured so that /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing passwords.

CCI|CCI-000192

Rule-ID|SV-204405r603261_rule

STIG-ID|RHEL-07-010118

STIG-Legacy|SV-95715

STIG-Legacy|V-81003

Vuln-ID|V-204405

RHEL-07-010119 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used.

Rule-ID|SV-204406r603261_rule

STIG-ID|RHEL-07-010119

STIG-Legacy|SV-87811

STIG-Legacy|V-73159

Vuln-ID|V-204406

RHEL-07-010120 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one upper-case character.

Rule-ID|SV-204407r603261_rule

STIG-ID|RHEL-07-010120

STIG-Legacy|SV-86527

STIG-Legacy|V-71903

Vuln-ID|V-204407

RHEL-07-010130 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one lower-case character.

CCI|CCI-000193

Rule-ID|SV-204408r603261_rule

STIG-ID|RHEL-07-010130

STIG-Legacy|SV-86529

STIG-Legacy|V-71905

Vuln-ID|V-204408

RHEL-07-010140 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are assigned, the new password must contain at least one numeric character.

CCI|CCI-000194

Rule-ID|SV-204409r603261_rule

STIG-ID|RHEL-07-010140

STIG-Legacy|SV-86531

STIG-Legacy|V-71907

Vuln-ID|V-204409

RHEL-07-010150 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one special character.

CCI|CCI-001619

Rule-ID|SV-204410r603261_rule

STIG-ID|RHEL-07-010150

STIG-Legacy|SV-86533

STIG-Legacy|V-71909

Vuln-ID|V-204410

RHEL-07-010160 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed a minimum of eight of the total number of characters must be changed.

CCI|CCI-000195

Rule-ID|SV-204411r603261_rule

STIG-ID|RHEL-07-010160

STIG-Legacy|SV-86535

STIG-Legacy|V-71911

Vuln-ID|V-204411

RHEL-07-010170 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed a minimum of four character classes must be changed.

Rule-ID|SV-204412r603261_rule

STIG-ID|RHEL-07-010170

STIG-Legacy|SV-86537

STIG-Legacy|V-71913

Vuln-ID|V-204412

RHEL-07-010180 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed the number of repeating consecutive characters must not be more than three characters.

Rule-ID|SV-204413r603261_rule

STIG-ID|RHEL-07-010180

STIG-Legacy|SV-86539

STIG-Legacy|V-71915

Vuln-ID|V-204413

RHEL-07-010190 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed the number of repeating characters of the same character class must not be more than four characters.

Rule-ID|SV-204414r809186_rule

STIG-ID|RHEL-07-010190

STIG-Legacy|SV-86541

STIG-Legacy|V-71917

Vuln-ID|V-204414

RHEL-07-010199 - The Red Hat Enterprise Linux operating system must be configured to prevent overwriting of custom authentication configuration settings by the authconfig utility - password-auth

CCI|CCI-000196

Rule-ID|SV-255928r880830_rule

STIG-ID|RHEL-07-010199

Vuln-ID|V-255928

RHEL-07-010199 - The Red Hat Enterprise Linux operating system must be configured to prevent overwriting of custom authentication configuration settings by the authconfig utility - system-auth

RHEL-07-010200 - The Red Hat Enterprise Linux operating system must be configured so that the PAM system service is configured to store only encrypted representations of passwords - password-auth

Rule-ID|SV-204415r880833_rule

STIG-ID|RHEL-07-010200

STIG-Legacy|SV-86543

STIG-Legacy|V-71919

Vuln-ID|V-204415

RHEL-07-010200 - The Red Hat Enterprise Linux operating system must be configured so that the PAM system service is configured to store only encrypted representations of passwords - system-auth

RHEL-07-010210 - The Red Hat Enterprise Linux operating system must be configured to use the shadow file to store only encrypted representations of passwords.

Rule-ID|SV-204416r877397_rule

STIG-ID|RHEL-07-010210

STIG-Legacy|SV-86545

STIG-Legacy|V-71921

Vuln-ID|V-204416

RHEL-07-010220 - The Red Hat Enterprise Linux operating system must be configured so that user and group account administration utilities are configured to store only encrypted representations of passwords.

Rule-ID|SV-204417r877397_rule

STIG-ID|RHEL-07-010220

STIG-Legacy|SV-86547

STIG-Legacy|V-71923

Vuln-ID|V-204417

RHEL-07-010230 - The Red Hat Enterprise Linux operating system must be configured so that passwords for new users are restricted to a 24 hours/1 day minimum lifetime.

CCI|CCI-000198

Rule-ID|SV-204418r603261_rule

STIG-ID|RHEL-07-010230

STIG-Legacy|SV-86549

STIG-Legacy|V-71925

Vuln-ID|V-204418

RHEL-07-010240 - The Red Hat Enterprise Linux operating system must be configured so that passwords are restricted to a 24 hours/1 day minimum lifetime.

Rule-ID|SV-204419r603261_rule

Detections

Analytics

Revision 1.9

Sep 19, 2023

Functional Update

Miscellaneous