SRG-OS-000368-GPOS-00154 Rules

SRG-OS-000368-GPOS-00154 Controls

STIG ID	Version	Title
ALMA-09-026090	V1R1	AlmaLinux OS 9 must prevent device files from being interpreted on file systems that contain user home directories.
ALMA-09-026200	V1R1	AlmaLinux OS 9 must prevent files with the setuid and setgid bit set from being executed on the /boot/efi directory.
ALMA-09-026310	V1R1	AlmaLinux OS 9 must mount /boot with the nodev option.
ALMA-09-026420	V1R1	AlmaLinux OS 9 must prevent files with the setuid and setgid bit set from being executed on the /boot directory.
ALMA-09-026530	V1R1	AlmaLinux OS 9 must mount /dev/shm with the nodev option.
ALMA-09-026640	V1R1	AlmaLinux OS 9 must mount /dev/shm with the noexec option.
ALMA-09-026750	V1R1	AlmaLinux OS 9 must mount /dev/shm with the nosuid option.
ALMA-09-026860	V1R1	AlmaLinux OS 9 must mount /tmp with the nodev option.
ALMA-09-026970	V1R1	AlmaLinux OS 9 must mount /tmp with the noexec option.
ALMA-09-027080	V1R1	AlmaLinux OS 9 must mount /tmp with the nosuid option.
ALMA-09-027190	V1R1	AlmaLinux OS 9 must mount /var/log/audit with the nodev option.
ALMA-09-027300	V1R1	AlmaLinux OS 9 must mount /var/log/audit with the noexec option.
ALMA-09-027410	V1R1	AlmaLinux OS 9 must mount /var/log/audit with the nosuid option.
ALMA-09-027520	V1R1	AlmaLinux OS 9 must mount /var/log with the nodev option.
ALMA-09-027630	V1R1	AlmaLinux OS 9 must mount /var/log with the noexec option.
ALMA-09-027740	V1R1	AlmaLinux OS 9 must mount /var/log with the nosuid option.
ALMA-09-027850	V1R1	AlmaLinux OS 9 must mount /var with the nodev option.
ALMA-09-027960	V1R1	AlmaLinux OS 9 must mount /var/tmp with the nodev option.
ALMA-09-028070	V1R1	AlmaLinux OS 9 must mount /var/tmp with the noexec option.
ALMA-09-028180	V1R1	AlmaLinux OS 9 must mount /var/tmp with the nosuid option.
UBTU-18-010441	V2R15	The Ubuntu operating system must be configured to use AppArmor.
UBTU-20-010439	V1R9	The Ubuntu operating system must be configured to use AppArmor.
UBTU-24-100510	V1R1	Ubuntu 24.04 LTS must be configured to use AppArmor.
WN22-CC-000210	V2R1	Windows Server 2022 Autoplay must be turned off for nonvolume devices.
WN22-CC-000220	V2R1	Windows Server 2022 default AutoRun behavior must be configured to prevent AutoRun commands.
WN22-CC-000230	V2R1	Windows Server 2022 AutoPlay must be disabled for all drives.
WN10-CC-000180	V2R8	Autoplay must be turned off for non-volume devices.
WN10-CC-000185	V2R8	The default autorun behavior must be configured to prevent autorun commands.
WN10-CC-000190	V2R8	Autoplay must be disabled for all drives.
WN11-CC-000180	V2R1	Autoplay must be turned off for non-volume devices.
WN11-CC-000185	V2R1	The default autorun behavior must be configured to prevent autorun commands.
WN11-CC-000190	V2R1	Autoplay must be disabled for all drives.
UBTU-22-431015	V2R1	Ubuntu 22.04 LTS must be configured to use AppArmor.
RHEL-08-040120	V1R9	RHEL 8 must mount /dev/shm with the nodev option.
RHEL-08-040121	V1R9	RHEL 8 must mount /dev/shm with the nosuid option.
RHEL-08-040122	V1R9	RHEL 8 must mount /dev/shm with the noexec option.
RHEL-08-040123	V1R9	RHEL 8 must mount /tmp with the nodev option.
RHEL-08-040124	V1R9	RHEL 8 must mount /tmp with the nosuid option.
RHEL-08-040125	V1R9	RHEL 8 must mount /tmp with the noexec option.
RHEL-08-040126	V1R9	RHEL 8 must mount /var/log with the nodev option.
RHEL-08-040127	V1R9	RHEL 8 must mount /var/log with the nosuid option.
RHEL-08-040128	V1R9	RHEL 8 must mount /var/log with the noexec option.
RHEL-08-040129	V1R9	RHEL 8 must mount /var/log/audit with the nodev option.
RHEL-08-040130	V1R9	RHEL 8 must mount /var/log/audit with the nosuid option.
RHEL-08-040131	V1R9	RHEL 8 must mount /var/log/audit with the noexec option.
RHEL-08-040132	V1R9	RHEL 8 must mount /var/tmp with the nodev option.
RHEL-08-040133	V1R9	RHEL 8 must mount /var/tmp with the nosuid option.
RHEL-08-040134	V1R9	RHEL 8 must mount /var/tmp with the noexec option.
RHEL-08-040135	V1R9	The RHEL 8 fapolicy module must be installed.
RHEL-08-040136	V1R9	The RHEL 8 fapolicy module must be enabled.
RHEL-08-040137	V1R9	The RHEL 8 fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.
RHEL-07-021024	V3R8	The Red Hat Enterprise Linux operating system must mount /dev/shm with secure options.
RHEL-09-231045	V2R1	RHEL 9 must prevent device files from being interpreted on file systems that contain user home directories.
RHEL-09-231050	V2R1	RHEL 9 must prevent files with the setuid and setgid bit set from being executed on file systems that contain user home directories.
RHEL-09-231095	V2R1	RHEL 9 must mount /boot with the nodev option.
RHEL-09-231100	V2R1	RHEL 9 must prevent files with the setuid and setgid bit set from being executed on the /boot directory.
RHEL-09-231105	V2R1	RHEL 9 must prevent files with the setuid and setgid bit set from being executed on the /boot/efi directory.
RHEL-09-231110	V2R1	RHEL 9 must mount /dev/shm with the nodev option.
RHEL-09-231115	V2R1	RHEL 9 must mount /dev/shm with the noexec option.
RHEL-09-231120	V2R1	RHEL 9 must mount /dev/shm with the nosuid option.
RHEL-09-231125	V2R1	RHEL 9 must mount /tmp with the nodev option.
RHEL-09-231130	V2R1	RHEL 9 must mount /tmp with the noexec option.
RHEL-09-231135	V2R1	RHEL 9 must mount /tmp with the nosuid option.
RHEL-09-231140	V2R1	RHEL 9 must mount /var with the nodev option.
RHEL-09-231145	V2R1	RHEL 9 must mount /var/log with the nodev option.
RHEL-09-231150	V2R1	RHEL 9 must mount /var/log with the noexec option.
RHEL-09-231155	V2R1	RHEL 9 must mount /var/log with the nosuid option.
RHEL-09-231160	V2R1	RHEL 9 must mount /var/log/audit with the nodev option.
RHEL-09-231165	V2R1	RHEL 9 must mount /var/log/audit with the noexec option.
RHEL-09-231170	V2R1	RHEL 9 must mount /var/log/audit with the nosuid option.
RHEL-09-231175	V2R1	RHEL 9 must mount /var/tmp with the nodev option.
RHEL-09-231180	V2R1	RHEL 9 must mount /var/tmp with the noexec option.
RHEL-09-231185	V2R1	RHEL 9 must mount /var/tmp with the nosuid option.
RHEL-09-271030	V2R1	RHEL 9 must disable the graphical user interface autorun function unless required.
OL09-00-002030	V1R1	OL 9 must mount /boot with the nodev option.
OL09-00-002031	V1R1	OL 9 must prevent files with the setuid and setgid bit set from being executed on the /boot directory.
OL09-00-002032	V1R1	OL 9 must prevent files with the setuid and setgid bit set from being executed on the /boot/efi directory.
OL09-00-002040	V1R1	OL 9 must mount /dev/shm with the nodev option.
OL09-00-002041	V1R1	OL 9 must mount /dev/shm with the noexec option.
OL09-00-002042	V1R1	OL 9 must mount /dev/shm with the nosuid option.
OL09-00-002050	V1R1	OL 9 must mount /tmp with the nodev option.
OL09-00-002051	V1R1	OL 9 must mount /tmp with the noexec option.
OL09-00-002052	V1R1	OL 9 must mount /tmp with the nosuid option.
OL09-00-002060	V1R1	OL 9 must mount /var with the nodev option.
OL09-00-002061	V1R1	OL 9 must mount /var/log with the nodev option.
OL09-00-002062	V1R1	OL 9 must mount /var/log with the noexec option.
OL09-00-002063	V1R1	OL 9 must mount /var/log with the nosuid option.
OL09-00-002064	V1R1	OL 9 must mount /var/log/audit with the nodev option.
OL09-00-002065	V1R1	OL 9 must mount /var/log/audit with the noexec option.
OL09-00-002066	V1R1	OL 9 must mount /var/log/audit with the nosuid option.
OL09-00-002067	V1R1	OL 9 must mount /var/tmp with the nodev option.
OL09-00-002068	V1R1	OL 9 must mount /var/tmp with the noexec option.
OL09-00-002069	V1R1	OL 9 must mount /var/tmp with the nosuid option.
OL09-00-002070	V1R1	OL 9 must prevent device files from being interpreted on file systems that contain user home directories.
OL09-00-002071	V1R1	OL 9 must prevent files with the setuid and setgid bit set from being executed on file systems that contain user home directories.
OL09-00-002101	V1R1	OL 9 must disable the graphical user interface autorun function unless required.
WN16-CC-000250	V2R10	AutoPlay must be turned off for non-volume devices.
WN16-CC-000260	V2R10	The default AutoRun behavior must be configured to prevent AutoRun commands.
WN16-CC-000270	V2R10	AutoPlay must be disabled for all drives.
OL07-00-021024	V2R14	The Oracle Linux operating system must mount /dev/shm with secure options.
WN19-CC-000210	V2R8	Windows Server 2019 Autoplay must be turned off for non-volume devices.
WN19-CC-000220	V2R8	Windows Server 2019 default AutoRun behavior must be configured to prevent AutoRun commands.
WN19-CC-000230	V2R8	Windows Server 2019 AutoPlay must be disabled for all drives.
OL08-00-040120	V1R9	OL 8 must mount "/dev/shm" with the "nodev" option.
OL08-00-040121	V1R9	OL 8 must mount "/dev/shm" with the "nosuid" option.
OL08-00-040122	V1R9	OL 8 must mount "/dev/shm" with the "noexec" option.
OL08-00-040123	V1R9	OL 8 must mount "/tmp" with the "nodev" option.
OL08-00-040124	V1R9	OL 8 must mount "/tmp" with the "nosuid" option.
OL08-00-040125	V1R9	OL 8 must mount "/tmp" with the "noexec" option.
OL08-00-040126	V1R9	OL 8 must mount "/var/log" with the "nodev" option.
OL08-00-040127	V1R9	OL 8 must mount "/var/log" with the "nosuid" option.
OL08-00-040128	V1R9	OL 8 must mount "/var/log" with the "noexec" option.
OL08-00-040129	V1R9	OL 8 must mount "/var/log/audit" with the "nodev" option.
OL08-00-040130	V1R9	OL 8 must mount "/var/log/audit" with the "nosuid" option.
OL08-00-040131	V1R9	OL 8 must mount "/var/log/audit" with the "noexec" option.
OL08-00-040132	V1R9	OL 8 must mount "/var/tmp" with the "nodev" option.
OL08-00-040133	V1R9	OL 8 must mount "/var/tmp" with the "nosuid" option.
OL08-00-040134	V1R9	OL 8 must mount "/var/tmp" with the "noexec" option.
OL08-00-040135	V1R9	The OL 8 "fapolicy" module must be installed.
OL08-00-040136	V1R9	The OL 8 "fapolicy" module must be enabled.
OL08-00-040137	V1R9	The OL 8 fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.