| RHEL-08-030317 - Successful/unsuccessful uses of unix_chkpwd in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030320 - Successful/unsuccessful uses of the ssh-keysign in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030601 - RHEL 8 must enable auditing of processes that start prior to the audit daemon. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030602 - RHEL 8 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030610 - RHEL 8 must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030620 - RHEL 8 audit tools must have a mode of 0755 or less permissive. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030670 - RHEL 8 must have the packages required for offloading audit logs installed. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-030690 - The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030700 - RHEL 8 must take appropriate action when the internal event queue is full. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030710 - RHEL 8 must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030730 - RHEL 8 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030740 - RHEL 8 must securely compare internal information system clocks at least every 24 hours with a server synchronized to an authoritative time source, such as the United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS). | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030741 - RHEL 8 must disable the chrony daemon from acting as a server. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-030742 - RHEL 8 must disable network management of the chrony daemon. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040001 - RHEL 8 must not have any automated bug reporting tools installed. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040004 - RHEL 8 must enable mitigations against processor-based vulnerabilities. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040010 - RHEL 8 must not have the rsh-server package installed. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040020 - RHEL 8 must cover or disable the built-in or attached camera when not in use. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040100 - A firewall must be installed on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-08-040101 - A firewall must be active on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-08-040124 - RHEL 8 must mount /tmp with the nosuid option. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040131 - RHEL 8 must mount /var/log/audit with the noexec option. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040132 - RHEL 8 must mount /var/tmp with the nodev option. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040136 - The RHEL 8 fapolicy module must be enabled. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040139 - RHEL 8 must have the USBGuard installed. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-040190 - The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for RHEL 8 operational support. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040240 - RHEL 8 must not forward IPv6 source-routed packets. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040249 - RHEL 8 must not forward IPv4 source-routed packets by default. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040284 - RHEL 8 must disable the use of user namespaces. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040341 - The RHEL 8 SSH daemon must prevent remote hosts from connecting to the proxy display. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-040342 - RHEL 8 SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| RHEL-08-040360 - A File Transfer Protocol (FTP) server package must not be installed unless mission essential on RHEL 8. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-211035 - RHEL 9 must enable the hardware random number generator entropy gatherer service. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-212010 - RHEL 9 must require a boot loader superuser password. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-212055 - RHEL 9 must enable auditing of processes that start prior to the audit daemon. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-213010 - RHEL 9 must restrict access to the kernel message buffer. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-213015 - RHEL 9 must prevent kernel profiling by nonprivileged users. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-213020 - RHEL 9 must prevent the loading of a new kernel for later execution. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-213025 - RHEL 9 must restrict exposed kernel pointer addresses access. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-213030 - RHEL 9 must enable kernel parameters to enforce discretionary access control on hardlinks. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-213035 - RHEL 9 must enable kernel parameters to enforce discretionary access control on symlinks. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | ACCESS CONTROL |
| RHEL-09-213055 - RHEL 9 must be configured to disable the FireWire kernel module. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-213060 - RHEL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-213115 - The kdump service on RHEL 9 must be disabled. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-214030 - RHEL 9 must be configured so that the cryptographic hashes of system files match vendor values. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-215040 - RHEL 9 must not have the telnet-server package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-215095 - RHEL 9 must have the s-nail package installed. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231020 - RHEL 9 must use a separate file system for /var. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-231030 - RHEL 9 must use a separate file system for the system audit data path. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-231050 - RHEL 9 must prevent files with the setuid and setgid bit set from being executed on file systems that contain user home directories. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | CONFIGURATION MANAGEMENT |
