Skip to content
Log In

DISA STIG for Red Hat Enterprise Linux 8

Rules and Groups employed by this XCCDF Profile

  • Enable Kernel Page-Table Isolation (KPTI)

    To enable Kernel page-table isolation, add the argument <code>pti=on</code> to the default GRUB 2 command line for the Linux operating system. To ensure that <code>pti=on</code> is added as a kerne...
    Rule Low Severity
    Show

  • Disable vsyscalls

    To disable use of virtual syscalls, add the argument <code>vsyscall=none</code> to the default GRUB 2 command line for the Linux operating system. To ensure that <code>vsyscall=none</code> is added...
    Rule Medium Severity
    Show

  • Non-UEFI GRUB2 bootloader configuration

    Non-UEFI GRUB2 bootloader configuration
    Group
    Show

  • Set the Boot Loader Admin Username to a Non-Default Value

    The grub2 boot loader should have a superuser account and password protection enabled to protect boot-time settings. <br> <br> To maximize the protection, select a password-protecte...
    Rule High Severity
    Show

  • Set Boot Loader Password in grub2

    The grub2 boot loader should have a superuser account and password protection enabled to protect boot-time settings. <br> <br> Since plaintext passwords are a security risk, generat...
    Rule High Severity
    Show

  • UEFI GRUB2 bootloader configuration

    UEFI GRUB2 bootloader configuration
    Group
    Show

  • Set the UEFI Boot Loader Admin Username to a Non-Default Value

    The grub2 boot loader should have a superuser account and password protection enabled to protect boot-time settings. <br> <br> To maximize the protection, select a password-protecte...
    Rule Medium Severity
    Show

  • Set the UEFI Boot Loader Password

    The grub2 boot loader should have a superuser account and password protection enabled to protect boot-time settings. <br> <br> Since plaintext passwords are a security risk, generat...
    Rule High Severity
    Show

  • Configure Syslog

    The syslog service has been the default Unix logging mechanism for many years. It has a number of downsides, including inconsistent log format, lack of authentication for received messages, and lac...
    Group
    Show

  • Ensure rsyslog-gnutls is installed

    TLS protocol support for rsyslog is installed. The rsyslog-gnutls package can be installed with the following command: 
    $ sudo yum install rsyslog-gnutls
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules