Oct 31, 2025 Functional Update- RHEL-09-212010 - RHEL 9 must require a boot loader superuser password.
- RHEL-09-212020 - RHEL 9 must require a unique superusers name upon booting into single-user and maintenance modes.
- RHEL-09-231010 - A separate RHEL 9 file system must be used for user home directories (such as /home or an equivalent).
- RHEL-09-231015 - RHEL 9 must use a separate file system for /tmp.
- RHEL-09-231020 - RHEL 9 must use a separate file system for /var.
- RHEL-09-231025 - RHEL 9 must use a separate file system for /var/log.
- RHEL-09-231030 - RHEL 9 must use a separate file system for the system audit data path.
- RHEL-09-231035 - RHEL 9 must use a separate file system for /var/tmp.
- RHEL-09-231045 - RHEL 9 must prevent device files from being interpreted on file systems that contain user home directories.
- RHEL-09-231050 - RHEL 9 must prevent files with the setuid and setgid bit set from being executed on file systems that contain user home directories.
- RHEL-09-231055 - RHEL 9 must prevent code from being executed on file systems that contain user home directories.
- RHEL-09-231095 - RHEL 9 must mount /boot with the nodev option.
- RHEL-09-231100 - RHEL 9 must prevent files with the setuid and setgid bit set from being executed on the /boot directory.
- RHEL-09-231105 - RHEL 9 must prevent files with the setuid and setgid bit set from being executed on the /boot/efi directory.
- RHEL-09-231110 - RHEL 9 must mount /dev/shm with the nodev option.
- RHEL-09-231115 - RHEL 9 must mount /dev/shm with the noexec option.
- RHEL-09-231120 - RHEL 9 must mount /dev/shm with the nosuid option.
- RHEL-09-231125 - RHEL 9 must mount /tmp with the nodev option.
- RHEL-09-231130 - RHEL 9 must mount /tmp with the noexec option.
- RHEL-09-231135 - RHEL 9 must mount /tmp with the nosuid option.
- RHEL-09-231140 - RHEL 9 must mount /var with the nodev option.
- RHEL-09-231145 - RHEL 9 must mount /var/log with the nodev option.
- RHEL-09-231150 - RHEL 9 must mount /var/log with the noexec option.
- RHEL-09-231155 - RHEL 9 must mount /var/log with the nosuid option.
- RHEL-09-231160 - RHEL 9 must mount /var/log/audit with the nodev option.
- RHEL-09-231165 - RHEL 9 must mount /var/log/audit with the noexec option.
- RHEL-09-231170 - RHEL 9 must mount /var/log/audit with the nosuid option.
- RHEL-09-231175 - RHEL 9 must mount /var/tmp with the nodev option.
- RHEL-09-231180 - RHEL 9 must mount /var/tmp with the noexec option.
- RHEL-09-231185 - RHEL 9 must mount /var/tmp with the nosuid option.
- RHEL-09-232195 - RHEL 9 system commands must be group-owned by root or a system account.
- RHEL-09-232205 - RHEL 9 library files must be group-owned by root or a system account.
- RHEL-09-232215 - RHEL 9 library directories must be group-owned by root or a system account.
- RHEL-09-255060 - RHEL 9 must implement DOD-approved encryption ciphers to protect the confidentiality of SSH connections.
- RHEL-09-271090 - RHEL 9 effective dconf policy must match the policy keyfiles.
- RHEL-09-291010 - RHEL 9 must be configured to disable USB mass storage.
- RHEL-09-432020 - RHEL 9 must use the invoking user's password for privilege escalation when using \"sudo\".
- RHEL-09-432025 - RHEL 9 must require users to reauthenticate for privilege escalation.
- RHEL-09-611025 - RHEL 9 must not allow blank or null passwords.
- RHEL-09-611195 - RHEL 9 must require authentication to access emergency mode.
- RHEL-09-611200 - RHEL 9 must require authentication to access single-user mode.
Informational Update- RHEL-09-212020 - RHEL 9 must require a unique superusers name upon booting into single-user and maintenance modes.
Miscellaneous- Metadata updated.
- Variables updated.
|
