IBM BigFix Compliance: Updated DISA STIG Checklist for RHEL 7 published 2018-08-01

IBM BigFix Compliance

Updated a few checks with bugfixes on DISA STIG Checklist for RHEL 7

Security Benchmark:
Red Hat Enterprise Linux 7 Manual STIG Benchmark, Version 1, Release 1

Published Sites:
Updated DISA STIG Checklist for RHEL 7, site version 6
(The site version is provided for air-gap customers.)

• RHEL-07-030010: Also check for “failure 2”.
• RHEL-07-040410: Fixed check for proper permissions.
• RHEL-07-020050: Fixed search for gpgcheck, now anchors to beginning of line to avoid localpkg_gpgcheck and repo_gpgcheck.
• RHEL-07-040710: Fixed typo in params file causing false noncompliance.
• RHEL-07-021030: Now checks group owner of world writeable directories.
• RHEL-07-021000: Now looks for nosuid instead of nosetuid.
• RHEL-07-040400: Fixed typo in params file and now does case insensitive search.
• RHEL-07-040420: Fixed check for proper permissions.
• RHEL-07-030330: Excludes admin_space_left.
• RHEL-07-030340: Excludes admin_space_left_action.
• RHEL-07-020720: Excludes other variables containing the word PATH.

Actions to take:
• To subscribe to the above site, you can use the License Overview Dashboard to enable and gather the site. Note that you must be entitled to the BigFix Compliance product and you must be using IBM BigFix version 9.2 and later.

• If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see

More information:
To know more about the IBM BigFix Compliance SCM checklists, please see the following resources:
• IBM Developer Works:!/wiki/Tivoli%20Endpoint%20Manager/page/SCM%20Checklists

• IBM BigFix Blog:

• IBM BigFix Forum:

We hope you find this latest release of SCM content useful and effective. Thank you!

– The IBM BigFix Compliance team