DISA STIG for Red Hat Enterprise Linux 8
Rules and Groups employed by this XCCDF Profile
-
Add nosuid Option to /boot
The <code>nosuid</code> mount option can be used to prevent execution of setuid programs in <code>/boot</code>. The SUID and SGID permissions shoul...Rule Medium Severity -
Add nodev Option to /dev/shm
The <code>nodev</code> mount option can be used to prevent creation of device files in <code>/dev/shm</code>. Legitimate character and block device...Rule Medium Severity -
Add noexec Option to /dev/shm
The <code>noexec</code> mount option can be used to prevent binaries from being executed out of <code>/dev/shm</code>. It can be dangerous to allow...Rule Medium Severity -
Add nosuid Option to /dev/shm
The <code>nosuid</code> mount option can be used to prevent execution of setuid programs in <code>/dev/shm</code>. The SUID and SGID permissions s...Rule Medium Severity -
Add noexec Option to /home
The <code>noexec</code> mount option can be used to prevent binaries from being executed out of <code>/home</code>. Add the <code>noexec</code> opt...Rule Medium Severity -
Add nosuid Option to /home
The <code>nosuid</code> mount option can be used to prevent execution of setuid programs in <code>/home</code>. The SUID and SGID permissions shoul...Rule Medium Severity -
Add nodev Option to Non-Root Local Partitions
The <code>nodev</code> mount option prevents files from being interpreted as character or block devices. Legitimate character and block devices sho...Rule Medium Severity -
Add nodev Option to Removable Media Partitions
The <code>nodev</code> mount option prevents files from being interpreted as character or block devices. Legitimate character and block devices sho...Rule Medium Severity -
Add noexec Option to Removable Media Partitions
The <code>noexec</code> mount option prevents the direct execution of binaries on the mounted filesystem. Preventing the direct execution of binari...Rule Medium Severity -
Add nosuid Option to Removable Media Partitions
The <code>nosuid</code> mount option prevents set-user-identifier (SUID) and set-group-identifier (SGID) permissions from taking effect. These perm...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules