DISA STIG with GUI for Red Hat Enterprise Linux 8
Rules and Groups employed by this XCCDF Profile
-
Add nodev Option to /dev/shm
The <code>nodev</code> mount option can be used to prevent creation of device files in <code>/dev/shm</code>. Legitimate character and block device...Rule Medium Severity -
Add noexec Option to /dev/shm
The <code>noexec</code> mount option can be used to prevent binaries from being executed out of <code>/dev/shm</code>. It can be dangerous to allow...Rule Medium Severity -
Add nosuid Option to /dev/shm
The <code>nosuid</code> mount option can be used to prevent execution of setuid programs in <code>/dev/shm</code>. The SUID and SGID permissions s...Rule Medium Severity -
Add noexec Option to /home
The <code>noexec</code> mount option can be used to prevent binaries from being executed out of <code>/home</code>. Add the <code>noexec</code> opt...Rule Medium Severity -
Add nosuid Option to /home
The <code>nosuid</code> mount option can be used to prevent execution of setuid programs in <code>/home</code>. The SUID and SGID permissions shoul...Rule Medium Severity -
Add nodev Option to Non-Root Local Partitions
The <code>nodev</code> mount option prevents files from being interpreted as character or block devices. Legitimate character and block devices sho...Rule Medium Severity -
Add nodev Option to Removable Media Partitions
The <code>nodev</code> mount option prevents files from being interpreted as character or block devices. Legitimate character and block devices sho...Rule Medium Severity -
Add noexec Option to Removable Media Partitions
The <code>noexec</code> mount option prevents the direct execution of binaries on the mounted filesystem. Preventing the direct execution of binari...Rule Medium Severity -
Add nosuid Option to Removable Media Partitions
The <code>nosuid</code> mount option prevents set-user-identifier (SUID) and set-group-identifier (SGID) permissions from taking effect. These perm...Rule Medium Severity -
Add nodev Option to /tmp
The <code>nodev</code> mount option can be used to prevent device files from being created in <code>/tmp</code>. Legitimate character and block dev...Rule Medium Severity -
Add noexec Option to /tmp
The <code>noexec</code> mount option can be used to prevent binaries from being executed out of <code>/tmp</code>. Add the <code>noexec</code> opti...Rule Medium Severity -
Add nosuid Option to /tmp
The <code>nosuid</code> mount option can be used to prevent execution of setuid programs in <code>/tmp</code>. The SUID and SGID permissions should...Rule Medium Severity -
Add nodev Option to /var/log/audit
The <code>nodev</code> mount option can be used to prevent device files from being created in <code>/var/log/audit</code>. Legitimate character and...Rule Medium Severity -
Add noexec Option to /var/log/audit
The <code>noexec</code> mount option can be used to prevent binaries from being executed out of <code>/var/log/audit</code>. Add the <code>noexec</...Rule Medium Severity -
Add nosuid Option to /var/log/audit
The <code>nosuid</code> mount option can be used to prevent execution of setuid programs in <code>/var/log/audit</code>. The SUID and SGID permissi...Rule Medium Severity -
Add nodev Option to /var/log
The <code>nodev</code> mount option can be used to prevent device files from being created in <code>/var/log</code>. Legitimate character and block...Rule Medium Severity -
Add noexec Option to /var/log
The <code>noexec</code> mount option can be used to prevent binaries from being executed out of <code>/var/log</code>. Add the <code>noexec</code> ...Rule Medium Severity -
Add nosuid Option to /var/log
The <code>nosuid</code> mount option can be used to prevent execution of setuid programs in <code>/var/log</code>. The SUID and SGID permissions sh...Rule Medium Severity -
Add nodev Option to /var/tmp
The <code>nodev</code> mount option can be used to prevent device files from being created in <code>/var/tmp</code>. Legitimate character and block...Rule Medium Severity -
Add noexec Option to /var/tmp
The <code>noexec</code> mount option can be used to prevent binaries from being executed out of <code>/var/tmp</code>. Add the <code>noexec</code> ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.