Title:
Updated DISA STIG Checklist for RHEL 8 with bug fixes
Security Benchmark:
DISA STIG Checklist for RHEL 8 Benchmark, V1,R12
Published Sites:
DISA STIG Checklist for RHEL 8, site version 19
(The site version is provided for air-gap customers.)
Details:
- Fixed and Improved implementation and added more remediation support for the following check:
- RHEL 8 must use reverse path filtering on all IPv4 interfaces.
- Successful/unsuccessful uses of the kmod command in RHEL 8 must generate an audit record
- The RHEL 8 audit system must be configured to audit the execution of privileged functions and
prevent all software from executing at higher privilege levels than users executing the software. - RHEL 8 must prohibit the use of cached authentications after one day.
- RHEL 8 must use a separate file system for /var/log
- A separate RHEL 8 filesystem must be used for the /tmp directory
Actions to take:
- To subscribe to the above site, you can use the License Overview Dashboard to enable and gather the site. Note that you must be entitled to the BigFix Compliance product, and you must be using BigFix version 9.2 and later.
- If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see Using the Synchronize Custom Checks wizard
More information:
To know more about the BigFix Compliance SCM checklists, please see the following resources:
- BigFix Forum:
https://forum.bigfix.com/c/release-announcements/compliance - BigFix Compliance SCM Checklists:
Welcome to Wikis
We hope you find this latest release of SCM content useful and effective. Thank you!
– The BigFix Compliance team