| RHEL-10-400190 - RHEL 10 must enforce the audit log directory to have a mode of "0750" or less permissive to prevent unauthorized read access. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-400240 - RHEL 10 must enforce mode "0750" or less permissive for local interactive user home directories. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-400260 - RHEL 10 must enforce mode "0000" or less permissive for the "/etc/gshadow-" file to prevent unauthorized access. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-400265 - RHEL 10 must enforce mode "0644" or less permissive for the "/etc/passwd" file to prevent unauthorized access. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-400275 - RHEL 10 must enforce mode "0000" or less permissive for "/etc/shadow-" file to prevent unauthorized access. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-400305 - RHEL 10 must be configured so that audit tools are group-owned by "root". | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-400315 - RHEL 10 must define default permissions for the bash shell. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-400330 - RHEL 10 must define default permissions for the system default profile. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-400340 - RHEL 10 must enforce mode "0600" or less permissive for Secure Shell (SSH) private host key files. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-500015 - RHEL 10 must write audit records to disk. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-500020 - RHEL 10 must log username information when unsuccessful login attempts occur. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-500120 - RHEL 10 must produce audit records containing information to establish the identity of any individual or process associated with the event. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-500210 - RHEL 10 must notify the system administrator (SA) and/or information system security officer (ISSO) (at a minimum) of an audit processing failure. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-500330 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "chacl" command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500350 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "chcon" command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500380 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "setsebool" command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500430 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "chsh" command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500460 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "kmod" command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500480 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "pam_timestamp_check" command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500620 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "init" command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-500630 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "poweroff" command. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-500660 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "umount" system call. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500670 - RHEL 10 must generate audit records for successful and unsuccessful uses of the "umount2" system call. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500710 - RHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/gshadow". | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500740 - RHEL 10 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/shadow". | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-500810 - RHEL 10 must generate audit records for all uses of the "rename", "unlink", "rmdir", "renameat", "renameat2", and "unlinkat" system calls. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-10-600000 - RHEL 10 must require a boot loader superuser password. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-600020 - RHEL 10 must not assign an interactive login shell for system accounts. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-10-600190 - RHEL 10 must ensure that all local interactive user home directories defined in the "/etc/passwd" file must exist. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-600210 - RHEL 10 must enforce a 24-hours minimum password lifetime restriction for passwords for new users or password changes in "/etc/login.defs". | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-600400 - RHEL 10 must allow only the root account to have unrestricted access to the system. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-600470 - RHEL 10 must have a unique group ID (GID) for each group in "/etc/group". | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-600530 - RHEL 10 must require users to reauthenticate for privilege escalation. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-600560 - RHEL 10 must require users to provide a password for privilege escalation. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-600620 - RHEL 10 must ensure the password complexity module is enabled in the "password-auth" file. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-700125 - RHEL 10 must prevent files with the "setuid" and "setgid" bit set from being executed on the "/boot" directory. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700135 - RHEL 10 must mount "/dev/shm" with the "nodev" option. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700140 - RHEL 10 must mount "/dev/shm" with the "noexec" option. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700160 - RHEL 10 must mount "/tmp" with the "nosuid" option. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700165 - RHEL 10 must mount "/var" with the "nodev" option. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700170 - RHEL 10 must mount "/var/log" with the "nodev" option. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700175 - RHEL 10 must mount "/var/log" with the "noexec" option. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700190 - RHEL 10 must mount "/var/tmp" with the "noexec" option. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-10-700680 - RHEL 10 must not have a "shosts.equiv" file on the system. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-700770 - RHEL 10 must initiate a session lock for graphical user interfaces when the screensaver is activated. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-700830 - RHEL 10 must disable the ability of a user to accidentally press Ctrl-Alt-Del and cause a system to shut down or reboot. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-700880 - RHEL 10 must disable the graphical user interface automounter unless required. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-10-700970 - RHEL 10 must disable the debug-shell systemd service. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
| RHEL-10-701030 - RHEL 10 must restrict access to the kernel message buffer. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-701080 - RHEL 10 must enable kernel parameters to enforce discretionary access control (DAC) on symlinks. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL |
