Detections
Analytics

Revision 1.7

Jan 4, 2023
Functional Update
  • RHEL-08-010001 - The RHEL 8 operating system must implement the Endpoint Security for Linux Threat Prevention tool.
  • RHEL-08-010500 - The RHEL 8 SSH daemon must perform strict mode checking of home directory configuration files.
  • RHEL-08-010520 - The RHEL 8 SSH daemon must not allow authentication using known host's authentication.
  • RHEL-08-010521 - The RHEL 8 SSH daemon must not allow Kerberos authentication, except to fulfill documented and validated mission requirements.
  • RHEL-08-010522 - The RHEL 8 SSH daemon must not allow GSSAPI authentication, except to fulfill documented and validated mission requirements.
  • RHEL-08-010550 - RHEL 8 must not permit direct logons to the root account using remote access via SSH.
  • RHEL-08-010571 - RHEL 8 must prevent files with the setuid and setgid bit set from being executed on the /boot directory.
  • RHEL-08-010572 - RHEL 8 must prevent files with the setuid and setgid bit set from being executed on the /boot/efi directory.
  • RHEL-08-010590 - RHEL 8 must prevent code from being executed on file systems that contain user home directories.
  • RHEL-08-010680 - For RHEL 8 systems using Domain Name Servers (DNS) resolution, at least two name servers must be configured - nameserver 1
  • RHEL-08-010680 - For RHEL 8 systems using Domain Name Servers (DNS) resolution, at least two name servers must be configured - nameserver 2
  • RHEL-08-010700 - All RHEL 8 world-writable directories must be owned by root, sys, bin, or an application user.
  • RHEL-08-010830 - RHEL 8 must not allow users to override SSH environment variables.
  • RHEL-08-020024 - RHEL 8 must limit the number of concurrent sessions to ten for all accounts and/or account types.
  • RHEL-08-020031 - RHEL 8 must initiate a session lock for graphical user interfaces when the screensaver is activated.
  • RHEL-08-020032 - RHEL 8 must disable the user list at logon for graphical user interfaces.
  • RHEL-08-020080 - RHEL 8 must prevent a user from overriding the session lock-delay setting for the graphical user interface.
  • RHEL-08-020081 - RHEL 8 must prevent a user from overriding the session idle-delay setting for the graphical user interface.
  • RHEL-08-020082 - RHEL 8 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface.
  • RHEL-08-020250 - RHEL 8 must implement smart card logon for multifactor authentication for access to interactive accounts - pam_sss.so
  • RHEL-08-030180 - The RHEL 8 audit package must be installed.
  • RHEL-08-030603 - RHEL 8 must enable Linux audit logging for the USBGuard daemon.
  • RHEL-08-030700 - RHEL 8 must take appropriate action when the internal event queue is full.
  • RHEL-08-040001 - RHEL 8 must not have any automated bug reporting tools installed.
  • RHEL-08-040111 - RHEL 8 Bluetooth must be disabled. - disabled
  • RHEL-08-040161 - RHEL 8 must force a frequent session key renegotiation for SSH connections to the server.
  • RHEL-08-040170 - The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 8.
  • RHEL-08-040171 - The x86 Ctrl-Alt-Delete key sequence in RHEL 8 must be disabled if a graphical user interface is installed.
Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.