| RHEL-08-010149 - RHEL 8 operating systems booted with a BIOS must require a unique superusers name upon booting into single-user and maintenance modes. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-010159 - The RHEL 8 pam_unix.so module must be configured in the system-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-010210 - The RHEL 8 /var/log/messages file must have mode 0640 or less permissive. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-08-010379 - RHEL 8 must specify the default "include" directory for the /etc/sudoers file. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010674 - RHEL 8 must disable storing core dumps. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010700 - All RHEL 8 world-writable directories must be owned by root, sys, bin, or an application user. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010760 - All RHEL 8 local interactive user accounts must be assigned a home directory upon creation. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020014 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020015 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020016 - RHEL 8 must ensure account lockouts persist. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020019 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020080 - RHEL 8 must prevent a user from overriding the session lock-delay setting for the graphical user interface. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020100 - RHEL 8 must ensure the password complexity module is enabled in the password-auth file. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020104 - RHEL 8 systems, version 8.4 and above, must ensure the password complexity module is configured for three retries or less. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020300 - RHEL 8 must prevent the use of dictionary words for passwords. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-020350 - RHEL 8 must display the date and time of the last successful account logon upon an SSH logon. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | ACCESS CONTROL |
| RHEL-08-020360 - RHEL 8 must automatically exit interactive command shell user sessions after 10 minutes of inactivity. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-030020 - The RHEL 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030030 - The RHEL 8 Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030170 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030317 - Successful/unsuccessful uses of unix_chkpwd in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030360 - Successful/unsuccessful uses of the init_module and finit_module system calls in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030361 - Successful/unsuccessful uses of the rename, unlink, rmdir, renameat, and unlinkat system calls in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030490 - Successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030590 - Successful/unsuccessful modifications to the faillock log file in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-040030 - RHEL 8 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040070 - The RHEL 8 file system automounter must be disabled. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-040159 - All RHEL 8 networked systems must have SSH installed. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-040160 - All RHEL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-040180 - The debug-shell systemd service must be disabled on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040220 - RHEL 8 must not send Internet Control Message Protocol (ICMP) redirects. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040260 - RHEL 8 must not enable IPv6 packet forwarding unless the system is a router. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040261 - RHEL 8 must not accept router advertisements on all IPv6 interfaces. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040270 - RHEL 8 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040283 - RHEL 8 must restrict exposed kernel pointer addresses access. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040285 - RHEL 8 must use reverse path filtering on all IPv4 interfaces. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040370 - The gssproxy package must not be installed unless mission essential on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040390 - The tuned package must not be installed unless mission essential on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-211040 - RHEL 9 systemd-journald service must be enabled. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-212015 - RHEL 9 must disable the ability of systemd to spawn an interactive boot process. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-213065 - RHEL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-213075 - RHEL 9 must disable access to network bpf system call from nonprivileged processes. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-213105 - RHEL 9 must disable the use of user namespaces. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-215030 - RHEL 9 must not have the ypserv package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-215085 - RHEL 9 must have the nss-tools package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231090 - RHEL 9 must prevent files with the setuid and setgid bit set from being executed on file systems that are used with removable media. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232030 - RHEL 9 /var/log/messages file must have mode 0640 or less permissive. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-232045 - All RHEL 9 local initialization files must have mode 0740 or less permissive. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232055 - RHEL 9 /etc/group file must have mode 0644 or less permissive to prevent unauthorized access. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-232090 - RHEL 9 /etc/group file must be owned by root. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | CONFIGURATION MANAGEMENT |
