BigFix Compliance Updated CIS Checklist for RHEL 7 with bug fixes, published 2024-03-01

Release Announcements Compliance (Release Announcements)
1

Product:
BigFix Compliance

Title:
Updated CIS Red Hat Enterprise Linux 7 with bug fixes.

Security Benchmark:
CIS Red Hat Enterprise Linux 7 Benchmark, v3.1.1

Published Sites:
CIS Checklist for RHEL 7, site version 57
(The site version is provided for air-gap customers.)

Details:

  • Fixed and Improved implementation for the following check:
    4.1.11 - Ensure use of privileged commands is collected
    1.1.22 - Ensure sticky bit is set on all world-writable directories
    6.1.10 - Ensure no world writable files exist
    6.1.11 - Ensure no unowned files or directories exist
    6.1.12 - Ensure no ungrouped files or directories exist
    3.5.2.7 - Ensure nftables loopback traffic is configured
    3.5.3.3.5 - Ensure ip6tables rules are saved
    3.5.3.3.6 - Ensure ip6tables is enabled and running
    3.5.3.3.4 - Ensure ip6tables default deny firewall policy
    3.5.3.3.1 - Ensure ip6tables loopback traffic is configured
    3.3.1 - Ensure source routed packets are not accepted
    3.3.2 - Ensure ICMP redirects are not accepted
    3.3.9 - Ensure IPv6 router advertisements are not accepted
    3.2.1 - Ensure IP forwarding is disabled

Actions to take:

More information:
To know more about the BigFix Compliance SCM checklists, please see the following resources:

We hope you find this latest release of SCM content useful and effective. Thank you!

– The BigFix Compliance team