Product:
BigFix Compliance
Title:
Updated DISA STIG Checklist for RHEL 7, CentOS Linux 7 with bug fixes.
Security Benchmark:
RHEL 7 STIG Version 2, Release 6
Published Sites:
DISA STIG Checklist for RHEL 7, site version 11
(The site version is provided for air-gap customers.)
Details:
Fixed and improved implementation for the following checks:
- The Red Hat Enterprise Linux operating system must display the date and time of the last successful account logon upon logon.
- The Red Hat Enterprise Linux operating system must not have unauthorized IP tunnels configured.
- For Red Hat Enterprise Linux operating systems using DNS resolution, at least two name servers must be configured.
- The Red Hat Enterprise Linux operating system must label all off-loaded audit logs before sending them to the central log server.
- The Red Hat Enterprise Linux operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in
- The Red Hat Enterprise Linux operating system must take appropriate action when the audisp-remote buffer is full.
- The Red Hat Enterprise Linux operating system must require authentication upon booting into single-user and maintenance modes.
- The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) authentication communications.
- The Red Hat Enterprise Linux operating system must enable an application firewall, if available.
- The Red Hat Enterprise Linux operating system must be a vendor-supported release.
- The Red Hat Enterprise Linux operating system must implement cryptography to protect the integrity of Lightweight Directory Access Protocol (LDAP) communications. (B)
- The Red Hat Enterprise Linux operating system must initiate an action to notify the System Administrator (SA) and Information System Security Officer ISSO, at a minimum, when allocated audit record storage volume reaches 75% of the repos
- The Red Hat Enterprise Linux operating Must be configured so that all networked systems have SSH installed
- The Red Hat Enterprise Linux operating system must be configured so that the SSH private host key files have mode 0640 or less permissive
Actions to take:
• To subscribe to the above site, you can use the License Overview Dashboard to enable and gather the site. Note that you must be entitled to the BigFix Compliance product and you must be using BigFix version 9.2 and later.
• If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see https://help.hcltechsw.com/bigfix/9.5/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html.
More information:
To know more about the BigFix Compliance SCM checklists, please see the following resources:
• BigFix Forum:
https://forum.bigfix.com/c/release-announcements/compliance
• BigFix Compliance SCM Checklists:
https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/SCM_Checklist/SCM_Checklist.html
We hope you find this latest release of SCM content useful and effective. Thank you!
– The BigFix Compliance team