×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Unsupported content

 

This version of the product is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.
BMC Discovery 11.3 ... Security DISA Secure Technical Implementation Guidelines

STIG rules for RHEL6 addressed with restrictions

The following section details the STIG rules for Red Hat Enterprise Linux (RHEL) 6 that have been addressed in BMC Discovery, but have restrictions. The table provides links to STIG rule descriptions and details on the STIGviewer website. STIGviewer provides an online, searchable index of Public Domain STIG content, though is not related to DISA. The STIGviewer content may not be up to date.

 

Rule number

Description

RHEL-06-000003 V-38463

The system must use a separate file system for /var/log.
Note — Only applicable to systems kickstarted in 11.0 or later or upgraded from systems kickstarted in 9.0.2 or later.

RHEL-06-000004 V-38467

The system must use a separate file system for the system audit data path.
Note — Only applicable to systems kickstarted in 11.0 or upgraded from systems kickstarted in 9.0.2 or later.

RHEL-06-000349 V-38595

The system must be configured to require the use of a CAC, PIV compliant hardware token, or Alternate Logon Token (ALT) for authentication.
Note — By default, CAC, PIV compliant hardware tokens, and Alternate Logon Tokens (ALT) are not supported authentication mechanisms. BMC Discovery can be configured to use BMC Atrium SSO which connects to the authentication mechanism being used.

RHEL-06-000516 V-38454

Files and directories must not have different ownership from what is expected in the RPM database.

Note — Discovery intentionally changes/usr/tideway/bin and /usr/tideway/lib. Other files and directories may change during application of STIG rules, or by the OSU for security or functionality reasons.

RHEL-06-000517 V-38453

Files and directories must not have different group-ownership from what is expected in the RPM database.

Note — Discovery intentionally changes/usr/tideway/bin and /usr/tideway/lib. Other files and directories may change during application of STIG rules, or by the OSU for security or functionality reasons.

RHEL-06-000518 V-38452

Permissions of files should match the permissions expected in the RPM database.
Note — During the application of STIG rule configurations we change the permissions of various files, particularly removing setuid of root, and these files will appear during this test.

RHEL-06-000519 V-38447

Non-configuration files must not have file hashes different from what is expected in the RPM database.

Note — Some files may be updated during an upgrade. If for example, tw-python is updated, some python modules may be recompiled, changing the files on disk if the source for that module is shipped.


Was this page helpful? Yes No Submitting... Thank you
Last modified by Duncan Tweed on Jan 18, 2018

Comments

Log in or register to comment.

DISA Secure Technical Implementation Guidelines
STIG rules for RHEL6 met using compliance script
© Copyright 2004 - 2022 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.