| ALMA-09-026090 |
V1R1 |
AlmaLinux OS 9 must prevent device files from being interpreted on file systems that contain user home directories. |
|
| ALMA-09-026200 |
V1R1 |
AlmaLinux OS 9 must prevent files with the setuid and setgid bit set from being executed on the /boot/efi directory. |
|
| ALMA-09-026310 |
V1R1 |
AlmaLinux OS 9 must mount /boot with the nodev option. |
|
| ALMA-09-026420 |
V1R1 |
AlmaLinux OS 9 must prevent files with the setuid and setgid bit set from being executed on the /boot directory. |
|
| ALMA-09-026530 |
V1R1 |
AlmaLinux OS 9 must mount /dev/shm with the nodev option. |
|
| ALMA-09-026640 |
V1R1 |
AlmaLinux OS 9 must mount /dev/shm with the noexec option. |
|
| ALMA-09-026750 |
V1R1 |
AlmaLinux OS 9 must mount /dev/shm with the nosuid option. |
|
| ALMA-09-026860 |
V1R1 |
AlmaLinux OS 9 must mount /tmp with the nodev option. |
|
| ALMA-09-026970 |
V1R1 |
AlmaLinux OS 9 must mount /tmp with the noexec option. |
|
| ALMA-09-027080 |
V1R1 |
AlmaLinux OS 9 must mount /tmp with the nosuid option. |
|
| ALMA-09-027190 |
V1R1 |
AlmaLinux OS 9 must mount /var/log/audit with the nodev option. |
|
| ALMA-09-027300 |
V1R1 |
AlmaLinux OS 9 must mount /var/log/audit with the noexec option. |
|
| ALMA-09-027410 |
V1R1 |
AlmaLinux OS 9 must mount /var/log/audit with the nosuid option. |
|
| ALMA-09-027520 |
V1R1 |
AlmaLinux OS 9 must mount /var/log with the nodev option. |
|
| ALMA-09-027630 |
V1R1 |
AlmaLinux OS 9 must mount /var/log with the noexec option. |
|
| ALMA-09-027740 |
V1R1 |
AlmaLinux OS 9 must mount /var/log with the nosuid option. |
|
| ALMA-09-027850 |
V1R1 |
AlmaLinux OS 9 must mount /var with the nodev option. |
|
| ALMA-09-027960 |
V1R1 |
AlmaLinux OS 9 must mount /var/tmp with the nodev option. |
|
| ALMA-09-028070 |
V1R1 |
AlmaLinux OS 9 must mount /var/tmp with the noexec option. |
|
| ALMA-09-028180 |
V1R1 |
AlmaLinux OS 9 must mount /var/tmp with the nosuid option. |
|
| OL07-00-021024 |
V3R1 |
The Oracle Linux operating system must mount /dev/shm with secure options. |
|
| OL08-00-040120 |
V2R2 |
OL 8 must mount "/dev/shm" with the "nodev" option. |
|
| OL08-00-040121 |
V2R2 |
OL 8 must mount "/dev/shm" with the "nosuid" option. |
|
| OL08-00-040122 |
V2R2 |
OL 8 must mount "/dev/shm" with the "noexec" option. |
|
| OL08-00-040123 |
V2R2 |
OL 8 must mount "/tmp" with the "nodev" option. |
|
| OL08-00-040124 |
V2R2 |
OL 8 must mount "/tmp" with the "nosuid" option. |
|
| OL08-00-040125 |
V2R2 |
OL 8 must mount "/tmp" with the "noexec" option. |
|
| OL08-00-040126 |
V2R2 |
OL 8 must mount "/var/log" with the "nodev" option. |
|
| OL08-00-040127 |
V2R2 |
OL 8 must mount "/var/log" with the "nosuid" option. |
|
| OL08-00-040128 |
V2R2 |
OL 8 must mount "/var/log" with the "noexec" option. |
|
| OL08-00-040129 |
V2R2 |
OL 8 must mount "/var/log/audit" with the "nodev" option. |
|
| OL08-00-040130 |
V2R2 |
OL 8 must mount "/var/log/audit" with the "nosuid" option. |
|
| OL08-00-040131 |
V2R2 |
OL 8 must mount "/var/log/audit" with the "noexec" option. |
|
| OL08-00-040132 |
V2R2 |
OL 8 must mount "/var/tmp" with the "nodev" option. |
|
| OL08-00-040133 |
V2R2 |
OL 8 must mount "/var/tmp" with the "nosuid" option. |
|
| OL08-00-040134 |
V2R2 |
OL 8 must mount "/var/tmp" with the "noexec" option. |
|
| OL08-00-040135 |
V2R2 |
The OL 8 "fapolicy" module must be installed. |
|
| OL08-00-040136 |
V2R2 |
The OL 8 "fapolicy" module must be enabled. |
|
| OL08-00-040137 |
V2R2 |
The OL 8 fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs. |
|
| RHEL-07-021024 |
V3R9 |
The Red Hat Enterprise Linux operating system must mount /dev/shm with secure options. |
|
| RHEL-08-040120 |
V2R1 |
RHEL 8 must mount /dev/shm with the nodev option. |
|
| RHEL-08-040121 |
V2R1 |
RHEL 8 must mount /dev/shm with the nosuid option. |
|
| RHEL-08-040122 |
V2R1 |
RHEL 8 must mount /dev/shm with the noexec option. |
|
| RHEL-08-040123 |
V2R1 |
RHEL 8 must mount /tmp with the nodev option. |
|
| RHEL-08-040124 |
V2R1 |
RHEL 8 must mount /tmp with the nosuid option. |
|
| RHEL-08-040125 |
V2R1 |
RHEL 8 must mount /tmp with the noexec option. |
|
| RHEL-08-040126 |
V2R1 |
RHEL 8 must mount /var/log with the nodev option. |
|
| RHEL-08-040127 |
V2R1 |
RHEL 8 must mount /var/log with the nosuid option. |
|
| RHEL-08-040128 |
V2R1 |
RHEL 8 must mount /var/log with the noexec option. |
|
| RHEL-08-040129 |
V2R1 |
RHEL 8 must mount /var/log/audit with the nodev option. |
|
| RHEL-08-040130 |
V2R1 |
RHEL 8 must mount /var/log/audit with the nosuid option. |
|
| RHEL-08-040131 |
V2R1 |
RHEL 8 must mount /var/log/audit with the noexec option. |
|
| RHEL-08-040132 |
V2R1 |
RHEL 8 must mount /var/tmp with the nodev option. |
|
| RHEL-08-040133 |
V2R1 |
RHEL 8 must mount /var/tmp with the nosuid option. |
|
| RHEL-08-040134 |
V2R1 |
RHEL 8 must mount /var/tmp with the noexec option. |
|
| RHEL-08-040135 |
V2R1 |
The RHEL 8 fapolicy module must be installed. |
|
| RHEL-08-040136 |
V2R1 |
The RHEL 8 fapolicy module must be enabled. |
|
| RHEL-08-040137 |
V2R1 |
The RHEL 8 fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs. |
|
| RHEL-09-231045 |
V2R2 |
RHEL 9 must prevent device files from being interpreted on file systems that contain user home directories. |
|
| RHEL-09-231050 |
V2R2 |
RHEL 9 must prevent files with the setuid and setgid bit set from being executed on file systems that contain user home directories. |
|
| RHEL-09-231095 |
V2R2 |
RHEL 9 must mount /boot with the nodev option. |
|
| RHEL-09-231100 |
V2R2 |
RHEL 9 must prevent files with the setuid and setgid bit set from being executed on the /boot directory. |
|
| RHEL-09-231105 |
V2R2 |
RHEL 9 must prevent files with the setuid and setgid bit set from being executed on the /boot/efi directory. |
|
| RHEL-09-231110 |
V2R2 |
RHEL 9 must mount /dev/shm with the nodev option. |
|
| RHEL-09-231115 |
V2R2 |
RHEL 9 must mount /dev/shm with the noexec option. |
|
| RHEL-09-231120 |
V2R2 |
RHEL 9 must mount /dev/shm with the nosuid option. |
|
| RHEL-09-231125 |
V2R2 |
RHEL 9 must mount /tmp with the nodev option. |
|
| RHEL-09-231130 |
V2R2 |
RHEL 9 must mount /tmp with the noexec option. |
|
| RHEL-09-231135 |
V2R2 |
RHEL 9 must mount /tmp with the nosuid option. |
|
| RHEL-09-231140 |
V2R2 |
RHEL 9 must mount /var with the nodev option. |
|
| RHEL-09-231145 |
V2R2 |
RHEL 9 must mount /var/log with the nodev option. |
|
| RHEL-09-231150 |
V2R2 |
RHEL 9 must mount /var/log with the noexec option. |
|
| RHEL-09-231155 |
V2R2 |
RHEL 9 must mount /var/log with the nosuid option. |
|
| RHEL-09-231160 |
V2R2 |
RHEL 9 must mount /var/log/audit with the nodev option. |
|
| RHEL-09-231165 |
V2R2 |
RHEL 9 must mount /var/log/audit with the noexec option. |
|
| RHEL-09-231170 |
V2R2 |
RHEL 9 must mount /var/log/audit with the nosuid option. |
|
| RHEL-09-231175 |
V2R2 |
RHEL 9 must mount /var/tmp with the nodev option. |
|
| RHEL-09-231180 |
V2R2 |
RHEL 9 must mount /var/tmp with the noexec option. |
|
| RHEL-09-231185 |
V2R2 |
RHEL 9 must mount /var/tmp with the nosuid option. |
|
| RHEL-09-271030 |
V2R2 |
RHEL 9 must disable the graphical user interface autorun function unless required. |
|
| UBTU-18-010441 |
V2R15 |
The Ubuntu operating system must be configured to use AppArmor. |
|
| UBTU-20-010439 |
V2R1 |
The Ubuntu operating system must be configured to use AppArmor. |
|
| UBTU-22-431015 |
V2R2 |
Ubuntu 22.04 LTS must be configured to use AppArmor. |
|
| WN10-CC-000180 |
V3R2 |
Autoplay must be turned off for non-volume devices. |
|
| WN10-CC-000185 |
V3R2 |
The default autorun behavior must be configured to prevent autorun commands. |
|
| WN10-CC-000190 |
V3R2 |
Autoplay must be disabled for all drives. |
|
| WN11-CC-000180 |
V2R2 |
Autoplay must be turned off for non-volume devices. |
|
| WN11-CC-000185 |
V2R2 |
The default autorun behavior must be configured to prevent autorun commands. |
|
| WN11-CC-000190 |
V2R2 |
Autoplay must be disabled for all drives. |
|
| WN16-CC-000250 |
V2R9 |
AutoPlay must be turned off for non-volume devices. |
|
| WN16-CC-000260 |
V2R9 |
The default AutoRun behavior must be configured to prevent AutoRun commands. |
|
| WN16-CC-000270 |
V2R9 |
AutoPlay must be disabled for all drives. |
|
| WN19-CC-000210 |
V3R2 |
Windows Server 2019 Autoplay must be turned off for non-volume devices. |
|
| WN19-CC-000220 |
V3R2 |
Windows Server 2019 default AutoRun behavior must be configured to prevent AutoRun commands. |
|
| WN19-CC-000230 |
V3R2 |
Windows Server 2019 AutoPlay must be disabled for all drives. |
|
| WN22-CC-000210 |
V2R2 |
Windows Server 2022 Autoplay must be turned off for nonvolume devices. |
|
| WN22-CC-000220 |
V2R2 |
Windows Server 2022 default AutoRun behavior must be configured to prevent AutoRun commands. |
|
| WN22-CC-000230 |
V2R2 |
Windows Server 2022 AutoPlay must be disabled for all drives. |
|