| 5.3.9 Collect Login and Logout Events - /var/log/tallylog | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| RHEL-09-211035 - RHEL 9 must enable the hardware random number generator entropy gatherer service. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-212010 - RHEL 9 must require a boot loader superuser password. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-212055 - RHEL 9 must enable auditing of processes that start prior to the audit daemon. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-213010 - RHEL 9 must restrict access to the kernel message buffer. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-213015 - RHEL 9 must prevent kernel profiling by nonprivileged users. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-213020 - RHEL 9 must prevent the loading of a new kernel for later execution. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-213025 - RHEL 9 must restrict exposed kernel pointer addresses access. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-213030 - RHEL 9 must enable kernel parameters to enforce discretionary access control on hardlinks. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-213035 - RHEL 9 must enable kernel parameters to enforce discretionary access control on symlinks. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-213055 - RHEL 9 must be configured to disable the FireWire kernel module. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-213060 - RHEL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-213115 - The kdump service on RHEL 9 must be disabled. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-214030 - RHEL 9 must be configured so that the cryptographic hashes of system files match vendor values. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-215040 - RHEL 9 must not have the telnet-server package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-215095 - RHEL 9 must have the s-nail package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231020 - RHEL 9 must use a separate file system for /var. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231030 - RHEL 9 must use a separate file system for the system audit data path. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-231050 - RHEL 9 must prevent files with the setuid and setgid bit set from being executed on file systems that contain user home directories. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231055 - RHEL 9 must prevent code from being executed on file systems that contain user home directories. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231085 - RHEL 9 must prevent special devices on file systems that are used with removable media. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231115 - RHEL 9 must mount /dev/shm with the noexec option. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231155 - RHEL 9 must mount /var/log with the nosuid option. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231165 - RHEL 9 must mount /var/log/audit with the noexec option. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231170 - RHEL 9 must mount /var/log/audit with the nosuid option. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232060 - RHEL 9 /etc/group- file must have mode 0644 or less permissive to prevent unauthorized access. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232075 - RHEL 9 /etc/passwd file must have mode 0644 or less permissive to prevent unauthorized access. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232085 - RHEL 9 /etc/shadow- file must have mode 0000 or less permissive to prevent unauthorized access. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232105 - RHEL 9 /etc/group- file must be group-owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232115 - RHEL 9 /etc/gshadow file must be group-owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232200 - RHEL 9 library files must be owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232205 - RHEL 9 library files must be group-owned by root or a system account. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232220 - RHEL 9 audit tools must be owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-251040 - RHEL 9 network interfaces must not be in promiscuous mode. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-252040 - RHEL 9 must configure a DNS processing mode in Network Manager. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-253060 - RHEL 9 must limit the number of bogus Internet Control Message Protocol (ICMP) response errors logs. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-254020 - RHEL 9 must not forward IPv6 source-routed packets. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-255015 - All RHEL 9 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-255064 - The RHEL 9 SSH client must be configured to use only DOD-approved encryption ciphers employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-255070 - The RHEL 9 SSH client must be configured to use only DOD-approved Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms to protect the confidentiality of SSH client connections. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-255095 - RHEL 9 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-255145 - RHEL 9 SSH daemon must not allow rhosts authentication. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-255165 - RHEL 9 SSH daemon must display the date and time of the last successful account logon upon an SSH logon. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-271025 - RHEL 9 must prevent a user from overriding the disabling of the graphical user interface automount function. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-291030 - RHEL 9 must block unauthorized peripherals before establishing a connection. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-411020 - All RHEL 9 local interactive user accounts must be assigned a home directory upon creation. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-411030 - RHEL 9 duplicate User IDs (UIDs) must not exist for interactive users. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-411055 - Executable search paths within the initialization files of all local interactive RHEL 9 users must only contain paths that resolve to the system default or the users home directory. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-411070 - All RHEL 9 local interactive user home directories must be group-owned by the home directory owner's primary group. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-412050 - RHEL 9 must enforce a delay of at least four seconds between logon prompts following a failed logon attempt. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
