DISA: Red Hat Enterprise Linux 7

This document provides information about the hotfix containing Red Hat Linux 7 Benchmark Version 3 Release 6 published on January 27, 2022. This template contains implementation for 274 rules that can be installed on TrueSight Server Automation 20.x and later. 

Determine whether you need to install the template

If you have done a fresh installation of version 22.2, you don't need to do anything because this template is installed as part of the 22.2 installation process.

If you have upgraded to 22.2 or later, this template is not installed automatically. To install this template, do one of the following actions:

  • Perform the steps mentioned in this topic.
    Through this method, the DISA STIG template for Red Hat Enterprise Linux 7 is installed.

  • Upgrade the compliance content by using one of the following methods:

    Important

    Rename any existing customized template before you run the Auto Content Import Job or install the template manually. 

    • Through the Auto Content Import Job after the upgrade. During the Application Server upgrade, the Network Shell script of this job is updated. After you upgrade TrueSight Server Automation, execute this job to obtain the latest compliance content.
      Through this method, the latest version of all the templates that are available in version 22.2 are installed. For the complete list of supported templates and their versions, see Compliance-Content-support-and-requirements.
    • Install manually by using the content installer. Ensure that you use the content installer of the same version as the Application Server version. For information about how to install the compliance content manually, see Walkthrough-Loading-compliance-content.
      When you use this method, you have the flexibility to choose the template that you want to install from the set of templates that are available in version 22.2.

Before you begin

Before you import this template, ensure that the following requirements are met:

  • Review the default values of the template's local and global properties and ensure that they meet the organization standards.
  • Rename any existing customized template before you import the latest template.
  • Back up the sensors folder located in the <AppServerInstallDir>/share directory on all the Application Servers in a multiple Application Server environment. This folder contains the extended object scripts.

Step 1: Downloading and installing the files

  1. Download the DISA-RedHat7 and extended_objects packages from the below location.
    You must log in or register to view this page

    Click here to expand checksum related infromation

     Verify the downloaded content by using the following check sums.

    S.No

    File Name

    MD5SUM

    1

    DISA - RedHat 7.zip

    97879b2f98327b4c5175463c415f69f5

    2

    ExtendedObjects.zip

    3b7bc78c60588ae5acb4f7060aaaaf2a

  2. Extract the contents of ExtendedObjects.zip to a temporary directory and copy the extracted files to the existing <APPRSERVER_INSTALL_DIR>/share/sensors directory on all the Application Servers.
  3. Move the DISA-RedHat7.zip to the server where the TrueSight Server Automation console is installed.

Step 3: Import the Compliance Content

  1. Log on to the Console.
  2. Right-click on Component Templates and click Import
  3. Select the Import (Version-neutral) option.
  4. Select the updated Disa - RedHat 7. zip package.
    41B0BD1.PNG

  5. The DISA STIG template for RHEL 7 is available in the Disa - RedHat 7 zip package. To import the templates, select the templates as shown in the following screenshot.

    image2022-5-19_16-24-29.png

  6. Ensure that you select the Use existing objects and Preserve template group path options before you click Next.
  7. Navigate to the last screen of the wizard and click Finish.
  8. The template is imported successfully. Click OK.
    The imported template is shown under DISA Compliance Content  >  DISA STIG Revised.
    rhel7-success-import.png

Special issues for rules within the template

The following are the details of the 274 rules provided in the zip package. It contains the following types of rules:

  • Rules that check for compliance and provides remediation - 202
  • Rules that check for compliance but do not provide remediation - 59
  • Rules that do not check for compliance and do not provide remediation - 13

The following are the details of the rules that are divided into parts:

  • Rules not divided into parts - 222
  • Rules Divided into two parts - (21 Rules divided into 2 parts) so (21 * 2) = 42
  • Rules Divided into three parts - (2 Rules divided into 3 parts) so (2 * 3) = 6
  • Rules Divided into four parts - (1 Rule is divided into 4 parts) so (1 * 4) = 4

So, the current rule count as per DISA - Red Hat Enterprise Linux 7 template after running the compliance job is 274 (222 + 42 + 6 + 4)

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*