DISA Red Hat Enterprise Linux 7 STIG v3r9

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Red Hat Enterprise Linux 7 STIG v3r9

Updated: 4/12/2023

Authority: Operating Systems and Applications

Plugin: Unix

Revision: 1.6

Estimated Item Count: 320

Audit Changelog

 
Revision 1.6

Apr 12, 2023

Miscellaneous
  • Metadata updated.
  • Platform check updated.
  • Variables updated.
Revision 1.5

Apr 3, 2023

Functional Update
  • RHEL-07-010483 - Red Hat Enterprise Linux operating systems version 7.2 or newer booted with a BIOS must have a unique name for the grub superusers account when booting into single-user and maintenance modes.
  • RHEL-07-020023 - The Red Hat Enterprise Linux operating system must elevate the SELinux context when an administrator calls the sudo command.
  • RHEL-07-020111 - The Red Hat Enterprise Linux operating system must disable the graphical user interface automounter unless required - automount
  • RHEL-07-020111 - The Red Hat Enterprise Linux operating system must disable the graphical user interface automounter unless required - automount-open
  • RHEL-07-020111 - The Red Hat Enterprise Linux operating system must disable the graphical user interface automounter unless required - automount-open=false
  • RHEL-07-020111 - The Red Hat Enterprise Linux operating system must disable the graphical user interface automounter unless required - automount=false
  • RHEL-07-020111 - The Red Hat Enterprise Linux operating system must disable the graphical user interface automounter unless required - autorun-never
  • RHEL-07-020111 - The Red Hat Enterprise Linux operating system must disable the graphical user interface automounter unless required - autorun-never=true
  • RHEL-07-020630 - The Red Hat Enterprise Linux operating system must be configured so that all local interactive user home directories have mode 0750 or less permissive.
  • RHEL-07-021040 - The Red Hat Enterprise Linux operating system must set the umask value to 077 for all local interactive user accounts.
  • RHEL-07-021300 - The Red Hat Enterprise Linux operating system must disable Kernel core dumps unless needed.
  • RHEL-07-030630 - The Red Hat Enterprise Linux operating system must audit all uses of the passwd command.
  • RHEL-07-030640 - The Red Hat Enterprise Linux operating system must audit all uses of the unix_chkpwd command.
  • RHEL-07-040160 - The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements.
Revision 1.4

Mar 20, 2023

Functional Update
  • RHEL-07-040350 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not allow authentication using rhosts authentication.
Miscellaneous
  • Metadata updated.
Revision 1.3

Mar 3, 2023

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.2

Jan 4, 2023

Functional Update
  • RHEL-07-010339 - The Red Hat Enterprise Linux operating system must specify the default 'include' directory for the /etc/sudoers file - sudoers
  • RHEL-07-010339 - The Red Hat Enterprise Linux operating system must specify the default 'include' directory for the /etc/sudoers file - sudoers.d/
  • RHEL-07-020019 - The Red Hat Enterprise Linux operating system must implement the Endpoint Security for Linux Threat Prevention tool - mcafeetp package
  • RHEL-07-040380 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not allow authentication using known hosts authentication.
  • RHEL-07-040430 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Generic Security Service Application Program Interface (GSSAPI) authentication unless needed.
  • RHEL-07-040450 - The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon performs strict mode checking of home directory configuration files.
  • RHEL-07-040600 - For Red Hat Enterprise Linux operating systems using DNS resolution, at least two name servers must be configured - nameserver 1
  • RHEL-07-040600 - For Red Hat Enterprise Linux operating systems using DNS resolution, at least two name servers must be configured - nameserver 2
Informational Update
  • RHEL-07-010339 - The Red Hat Enterprise Linux operating system must specify the default 'include' directory for the /etc/sudoers file - sudoers
  • RHEL-07-010339 - The Red Hat Enterprise Linux operating system must specify the default 'include' directory for the /etc/sudoers file - sudoers.d/
Miscellaneous
  • Metadata updated.
Revision 1.1

Dec 7, 2022

Miscellaneous
  • Variables updated.