Product:
BigFix Compliance
Title:
Updated CIS Red Hat Enterprise Linux 8 with bug fixes.
Security Benchmark:
CIS Red Hat Enterprise Linux 8 Benchmark, v2.0.0
Published Sites:
CIS Checklist for RHEL 8, site version 29
(The site version is provided for air-gap customers.)
Details:
- Fixed and Improved implementation for the following check:
4.1.3.6 - Ensure use of privileged commands are collected
6.1.2 - Ensure sticky bit is set on all world-writable directories
6.1.11 - Ensure no world writable files exist
6.1.12 - Ensure no unowned files or directories exist
6.1.13 - Ensure no ungrouped files or directories exist
3.4.2.7 - Ensure nftables loopback traffic is configured
3.4.3.3.5 - Ensure ip6tables rules are saved
3.4.3.3.6 - Ensure ip6tables is enabled and active
3.4.3.3.4 - Ensure ip6tables default deny firewall policy
3.4.3.3.1 - Ensure ip6tables loopback traffic is configured
3.3.1 - Ensure source routed packets are not accepted
3.3.2 - Ensure ICMP redirects are not accepted
3.3.9 - Ensure IPv6 router advertisements are not accepted
3.2.1 - Ensure IP forwarding is disabled
4.1.3.19 - Ensure kernel module loading unloading and modification is collected
3.4.1.4 - Ensure firewalld service enabled and running
4.1.1.2 - Ensure auditd service is enabled
4.2.1.2 - Ensure rsyslog service is enabled
3.1.1 - Verify if IPv6 is enabled on the system
5.1.1 - Ensure cron daemon is enabled
4.1.3.14 - Ensure events that modify the system’s Mandatory Access Controls are collected
1.4.2 - Ensure permissions on bootloader config are configured
3.1.4 - Ensure wireless interfaces are disabled
Actions to take:
- To subscribe to the above site, you can use the License Overview Dashboard to enable and gather the site. Note that you must be entitled to the BigFix Compliance product, and you must be using BigFix version 9.2 and later.
- If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see
https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html
More information:
To know more about the BigFix Compliance SCM checklists, please see the following resources:
- BigFix Forum:
https://forum.bigfix.com/c/release-announcements/compliance - BigFix Compliance SCM Checklists:
https://bigfix-wiki.hcltechsw.com/wikis/home?lang=enus#!/wiki/BigFix%20Wiki/page/SCM%20Checklists
We hope you find this latest release of SCM content useful and effective. Thank you!
– The BigFix Compliance team