Skip to content

DISA STIG for Oracle Linux 8

Rules and Groups employed by this XCCDF Profile

  • Set Password Maximum Age

    To specify password maximum age for new accounts, edit the file <code>/etc/login.defs</code> and add or correct the following line: <pre>PASS_MAX_D...
    Rule Medium Severity
  • Set Password Minimum Age

    To specify password minimum age for new accounts, edit the file <code>/etc/login.defs</code> and add or correct the following line: <pre>PASS_MIN_D...
    Rule Medium Severity
  • Set Password Minimum Length in login.defs

    To specify password length requirements for new accounts, edit the file <code>/etc/login.defs</code> and add or correct the following line: <pre>PA...
    Rule Medium Severity
  • Set Existing Passwords Maximum Age

    Configure non-compliant accounts to enforce a <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs" use="le...
    Rule Medium Severity
  • Set Existing Passwords Minimum Age

    Configure non-compliant accounts to enforce a 24 hours/1 day minimum password lifetime by running the following command: <pre>$ sudo chage -m 1 <i>...
    Rule Medium Severity
  • Verify Proper Storage and Existence of Password Hashes

    By default, password hashes for local accounts are stored in the second field (colon-separated) in <code>/etc/shadow</code>. This file should be re...
    Group
  • Verify All Account Password Hashes are Shadowed with SHA512

    Verify the operating system requires the shadow password suite configuration be set to encrypt interactive user passwords using a strong cryptograp...
    Rule Medium Severity
  • Prevent Login to Accounts With Empty Password

    If an account is configured for password authentication but does not have an assigned password, it may be possible to log into the account without ...
    Rule High Severity
  • Ensure There Are No Accounts With Blank or Null Passwords

    Check the "/etc/shadow" file for blank passwords with the following command: <pre>$ sudo awk -F: '!$2 {print $1}' /etc/shadow</pre> If the command ...
    Rule High Severity
  • Restrict Root Logins

    Direct root logins should be allowed only for emergency use. In normal situations, the administrator should access the system via a unique unprivil...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules