TickYouOff

Oracle Linux 8 STIG Compliance (Ver 2, Rel 7)

Hard 16 items · 4 hours
testuser Published 1 month ago

This checklist guides administrators and auditors through the key steps to assess and bring Oracle Linux 8 systems into compliance with the DISA STIG (Ver 2, Rel 7). It’s aimed at system administrators, security engineers, and compliance teams who need a practical, actionable workflow for downloads, scanning, remediation, and ongoing maintenance.

Source: https://ncp.nist.gov/checklist/1004

  1. Review Oracle Linux 8 STIG checklist details — Confirm checklist ID 1004, Ver 2 Rel 7, scope, and summary before starting.
  2. Download SCAP and supporting content — Gather official SCAP, XCCDF, and automated content referenced by DISA.
  3. Download SCAP 1.3 content for Oracle Linux 8 STIG — Get the SCAP 1.3 Benchmark (Ver 2, Rel 7) for accurate scanning.
  4. Download Standalone XCCDF 1.1.4 for Oracle Linux 8 STIG — Obtain XCCDF content for manual review and tool compatibility.
  5. Download automated SCC content for Oracle Linux 8 x86_64 — Grab SCC automated content for remediation and scanning where available.
  6. Verify system CPE matches Oracle Linux 8.0 — Check host CPE (cpe:/o:oracle:linux:8.0) to ensure the STIG applies.
  7. Apply OS updates and security patches — Install latest kernel and security packages before scanning.
  8. Harden system configuration per STIG — Implement configuration baselines and controls listed in the STIG.
  9. Disable unused services and packages — Stop and mask non-required services to reduce attack surface.
  10. Enforce password, account and authentication policies — Set complexity, lockout, expiration, and sudo restrictions per STIG.
  11. Enable and configure auditd and centralized logging — Ensure audit rules cover privileged actions and logs are retained/forwarded.
  12. Deploy Ansible or automated remediation content — Use DISA Ansible/XCCDF playbooks or SCC content to apply remediations.
  13. Run SCAP/XCCDF compliance scan and review findings — Use OpenSCAP or SCC tools to generate a compliance report for the host.
  14. Remediate failures and re-scan — Address findings, apply fixes, then re-run scans to confirm compliance.
  15. Document exceptions and submit change requests if needed — Record deviations and email proposed revisions to [email protected].
  16. Schedule regular rescans and monitor DISA resource updates — Subscribe to DISA updates and refresh SCAP/XCCDF/SHAs as resources change.
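
For steps 13 and 14, an added example (not part of the original checklist or of DISA's content): a Python script that compares the XCCDF results from a scan taken before remediation with one taken after, and lists which findings were fixed, which are still open, and which are newly open. The rule ids and XML below are constructed sample data, and the script assumes each `rule-result` element carries `idref` and `severity` attributes with a child `result` element.

```python
import xml.etree.ElementTree as ET

OPEN = {"fail", "error", "unknown"}            # results that still need action
SEV_ORDER = {"high": 0, "medium": 1, "low": 2}

def _local(tag):
    # Drop the namespace so XCCDF 1.1 and 1.2 result files parse the same way.
    return tag.rsplit("}", 1)[-1]

def rule_results(xml_text):
    """Return {rule_id: (result, severity)} for every rule-result element."""
    out = {}
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "rule-result":
            continue
        res = next((c.text or "" for c in el if _local(c.tag) == "result"), "")
        out[el.get("idref")] = (res.strip() or "unknown", el.get("severity", "unknown"))
    return out

def compare(before_xml, after_xml):
    """Classify each rule in the re-scan against the pre-remediation scan."""
    before, after = rule_results(before_xml), rule_results(after_xml)
    report = {"fixed": [], "still_open": [], "newly_open": []}
    for rule, (res, sev) in after.items():
        was_open = before.get(rule, ("notchecked", sev))[0] in OPEN
        if res in OPEN:
            report["still_open" if was_open else "newly_open"].append((sev, rule))
        elif was_open and res in {"pass", "fixed"}:
            report["fixed"].append((sev, rule))
    for rows in report.values():               # highest severity first
        rows.sort(key=lambda r: (SEV_ORDER.get(r[0], 3), r[1]))
    return report

def _doc(rows):
    # Builds a constructed, minimal results document (not real STIG output).
    body = "".join(f'<rule-result idref="{r}" severity="{s}"><result>{v}</result>'
                   "</rule-result>" for r, s, v in rows)
    return ('<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2">'
            f'<TestResult id="constructed">{body}</TestResult></Benchmark>')

BEFORE = _doc([("rule_a", "high", "fail"), ("rule_b", "medium", "fail"),
               ("rule_c", "low", "pass"), ("rule_d", "medium", "notapplicable")])
AFTER = _doc([("rule_a", "high", "pass"), ("rule_b", "medium", "fail"),
              ("rule_c", "low", "fail"), ("rule_d", "medium", "notapplicable")])

if __name__ == "__main__":
    for status, rows in compare(BEFORE, AFTER).items():
        print(status, rows)
```

Anything under `newly_open` deserves attention before sign-off, since a remediation that fixes one control can break another.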