Jan 4, 2023 Functional Update- RHEL-08-010001 - The RHEL 8 operating system must implement the Endpoint Security for Linux Threat Prevention tool.
- RHEL-08-010500 - The RHEL 8 SSH daemon must perform strict mode checking of home directory configuration files.
- RHEL-08-010520 - The RHEL 8 SSH daemon must not allow authentication using known host's authentication.
- RHEL-08-010521 - The RHEL 8 SSH daemon must not allow Kerberos authentication, except to fulfill documented and validated mission requirements.
- RHEL-08-010522 - The RHEL 8 SSH daemon must not allow GSSAPI authentication, except to fulfill documented and validated mission requirements.
- RHEL-08-010550 - RHEL 8 must not permit direct logons to the root account using remote access via SSH.
- RHEL-08-010571 - RHEL 8 must prevent files with the setuid and setgid bit set from being executed on the /boot directory.
- RHEL-08-010572 - RHEL 8 must prevent files with the setuid and setgid bit set from being executed on the /boot/efi directory.
- RHEL-08-010590 - RHEL 8 must prevent code from being executed on file systems that contain user home directories.
- RHEL-08-010680 - For RHEL 8 systems using Domain Name Servers (DNS) resolution, at least two name servers must be configured - nameserver 1
- RHEL-08-010680 - For RHEL 8 systems using Domain Name Servers (DNS) resolution, at least two name servers must be configured - nameserver 2
- RHEL-08-010700 - All RHEL 8 world-writable directories must be owned by root, sys, bin, or an application user.
- RHEL-08-010830 - RHEL 8 must not allow users to override SSH environment variables.
- RHEL-08-020024 - RHEL 8 must limit the number of concurrent sessions to ten for all accounts and/or account types.
- RHEL-08-020031 - RHEL 8 must initiate a session lock for graphical user interfaces when the screensaver is activated.
- RHEL-08-020032 - RHEL 8 must disable the user list at logon for graphical user interfaces.
- RHEL-08-020080 - RHEL 8 must prevent a user from overriding the session lock-delay setting for the graphical user interface.
- RHEL-08-020081 - RHEL 8 must prevent a user from overriding the session idle-delay setting for the graphical user interface.
- RHEL-08-020082 - RHEL 8 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.
- RHEL-08-020250 - RHEL 8 must implement smart card logon for multifactor authentication for access to interactive accounts - pam_sss.so
- RHEL-08-030180 - The RHEL 8 audit package must be installed.
- RHEL-08-030603 - RHEL 8 must enable Linux audit logging for the USBGuard daemon.
- RHEL-08-030700 - RHEL 8 must take appropriate action when the internal event queue is full.
- RHEL-08-040001 - RHEL 8 must not have any automated bug reporting tools installed.
- RHEL-08-040111 - RHEL 8 Bluetooth must be disabled. - disabled
- RHEL-08-040161 - RHEL 8 must force a frequent session key renegotiation for SSH connections to the server.
- RHEL-08-040170 - The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 8.
- RHEL-08-040171 - The x86 Ctrl-Alt-Delete key sequence in RHEL 8 must be disabled if a graphical user interface is installed.
Miscellaneous- Audit deprecated.
- Metadata updated.
- References updated.
|
Dec 7, 2022 |
Nov 28, 2022 Functional Update- RHEL-08-010580 - RHEL 8 must prevent special devices on non-root local partitions.
- RHEL-08-020050 - RHEL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.
- RHEL-08-020300 - RHEL 8 must prevent the use of dictionary words for passwords
- RHEL-08-040240 - RHEL 8 must not forward IPv6 source-routed packets - conf files
|
Nov 14, 2022 Functional Update- RHEL-08-010580 - RHEL 8 must prevent special devices on non-root local partitions.
- RHEL-08-010673 - RHEL 8 must disable core dumps for all users.
- RHEL-08-020050 - RHEL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.
- RHEL-08-030200 - The RHEL 8 audit system must be configured to audit any usage of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls - b32 auid>=1000
- RHEL-08-030200 - The RHEL 8 audit system must be configured to audit any usage of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls - b64 auid>=1000
- RHEL-08-030480 - Successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls in RHEL 8 must generate an audit record - b32
- RHEL-08-030480 - Successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls in RHEL 8 must generate an audit record - b64
- RHEL-08-030490 - Successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls in RHEL 8 must generate an audit record - b32
- RHEL-08-030490 - Successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls in RHEL 8 must generate an audit record - b64
Added- RHEL-08-020300 - RHEL 8 must prevent the use of dictionary words for passwords
Removed- RHEL-08-020021 - RHEL 8 must log user name information when unsuccessful logon attempts occur - pam_faillock.so
- RHEL-08-020300 - RHEL 8 must prevent the use of dictionary words for passwords - /etc/pwquality.conf.d/*.conf
- RHEL-08-020300 - RHEL 8 must prevent the use of dictionary words for passwords - /etc/security/pwquality.conf
|
Nov 4, 2022 Functional Update- RHEL-08-010420 - RHEL 8 must implement non-executable data to protect its memory from unauthorized code execution - /proc/cpuinfo
- RHEL-08-040070 - The RHEL 8 file system automounter must be disabled unless required.
|
Oct 26, 2022 Removed- RHEL-08-040150 - A firewall must be able to protect against or limit the effects of Denial of Service (DoS) attacks by ensuring RHEL 8 can implement rate-limiting measures on impacted network interfaces - nftables status
|
Oct 18, 2022 Functional Update- RHEL-08-010382 - RHEL 8 must restrict privilege elevation to authorized personnel - sudoers.d
- RHEL-08-040300 - The RHEL 8 file integrity tool must be configured to verify extended attributes.
- RHEL-08-040310 - The RHEL 8 file integrity tool must be configured to verify Access Control Lists (ACLs).
Informational Update- RHEL-08-040300 - The RHEL 8 file integrity tool must be configured to verify extended attributes.
- RHEL-08-040310 - The RHEL 8 file integrity tool must be configured to verify Access Control Lists (ACLs).
|
