BigFix Compliance: Updated CIS Red Hat Enterprise Linux 8 with bugfixes, published 2025-10-10

Release Announcements Compliance (Release Announcements)
1

Product:
BigFix Compliance

Title:
Updated CIS Red Hat Enterprise Linux 8 with bugfixes.

Security Benchmark:
CIS Red Hat Enterprise Linux 8 Benchmark, v3.0.0

Published Sites:
CIS Checklist for RHEL 8, site version 39
(The site version is provided for air-gap customers.)

Details:

Updated Fixlets:

  • Ensure auditing for processes that start prior to auditd is enabled.
  • Ensure audit_backlog_limit is sufficient
  • Ensure no duplicate user names exist
  • Ensure no duplicate group names exist
  • Ensure discretionary access control permission modification events are collected

Additional details:

  • Both analysis and remediation checks are included
  • Some of the checks allow you to use the parameterized setting to enable customization for compliance evaluation. Note that parameterization and remediation actions require the creation of a custom site.
  • Improved few checks by adding the pending restart feature to them. The pending restart feature works in the following ways:
  • The action results will show “Pending Restart” instead of “Fixed” for those checks which requires OS reboot.
  • The check will show relevant for those endpoints until they are rebooted.
  • Post reboot of the endpoint the action results will show as “Fixed”, and the check will be compliant.

Actions to take:

More information:
To know more about the BigFix Compliance SCM checklists, please see the following resources:

We hope you find this latest release of SCM content useful and effective. Thank you!

– The BigFix Compliance team