| 2.1620 - The system must use a file integrity tool that is configured to use FIPS 140-2 approved cryptographic hashes for validating file contents and directories - installed | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.370 - The system must audit all uses of the chown syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.370 - The system must audit all uses of the chown syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.380 - The system must audit all uses of the fchown syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.380 - The system must audit all uses of the fchown syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.390 - The system must audit all uses of the lchown syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.400 - The system must audit all uses of the fchownat syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.500 - The system must audit all uses of the creat syscall - EACCES 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.500 - The system must audit all uses of the creat syscall - EACCES 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.500 - The system must audit all uses of the creat syscall - EPERM 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.500 - The system must audit all uses of the creat syscall - EPERM 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.510 - The system must audit all uses of the open syscall - EACCES 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.510 - The system must audit all uses of the open syscall - EACCES 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.510 - The system must audit all uses of the open syscall - EPERM 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.510 - The system must audit all uses of the open syscall - EPERM 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.520 - The system must audit all uses of the openat syscall - EACCES 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.520 - The system must audit all uses of the openat syscall - EACCES 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.530 - The system must audit all uses of the open_by_handle_at syscall - EPERM 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.530 - The system must audit all uses of the open_by_handle_at syscall - EPERM 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.540 - The system must audit all uses of the truncate syscall - EACCES 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.540 - The system must audit all uses of the truncate syscall - EPERM 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.550 - The system must audit all uses of the ftruncate syscall - EACCES 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.550 - The system must audit all uses of the ftruncate syscall - EACCES 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.550 - The system must audit all uses of the ftruncate syscall - EPERM 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.590 - The system must audit all uses of the setfiles command. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.740 - The system must audit all uses of the mount command and syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.740 - The system must audit all uses of the mount command and syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.740 - The system must audit all uses of the mount command and syscall. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.880 - The system must audit all uses of the rename syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.890 - The system must audit all uses of the renameat syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.890 - The system must audit all uses of the renameat syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.900 - The system must audit all uses of the rmdir syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.900 - The system must audit all uses of the rmdir syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.910 - The system must audit all uses of the unlink syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.920 - The system must audit all uses of the unlinkat syscall - 32 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.920 - The system must audit all uses of the unlinkat syscall - 64 bit | Tenable Fedora Linux Best Practices v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.340 - The system must be configured so that all network connections associated with SSH traffic terminate after a period of inactivity. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | ACCESS CONTROL |
| 4.520 - The system must enable an application firewall, if available - installed | Tenable Fedora Linux Best Practices v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.610 - The system must not forward Internet Protocol version 4 (IPv4) source-routed packets - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.611 - The system must use a reverse-path filter for IPv4 network traffic when possible on all interfaces. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.612 - The system must use a reverse-path filter for IPv4 network traffic when possible by default. | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.620 - The system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.630 - The system must not respond to Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) echoes sent to a broadcast address - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.640 - The system must prevent Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages from being accepted - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.641 - The system must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.650 - The system must not allow interfaces to perform Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects by default - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.660 - The system must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.830 - The system must not forward IPv6 source-routed packets - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 40740 - The system must not be performing packet forwarding unless the system is a router - config | Tenable Fedora Linux Best Practices v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG145 A22 - The private web server must use an approved DoD certificate validation process. | DISA STIG Apache Server 2.2 Unix v1r10 | Unix | |
