Security hardening controls in detail
The Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux
6 contains over 200 security controls. The links below will allow you to review
each control based on a certain set of criteria.
Controls are divided into groups based on certain properties:
- Severity: Normally high, medium and low. High severity items are the ones
which should be completed first, since they pose the greatest threat to the
security of a system.
(These severity levels are set within the STIG.)
- Implementation status: Each control is assessed thoroughly before Ansible
tasks are written. Some controls may be listed as exceptions since they
can’t be implemented with automation, or they could cause damage to an
existing system. Other controls are listed as opt-in when they are
implemented, but they require a deployer to enable them.
(This categorization comes from ansible-hardening, not the STIG.)
- Tag: The controls are also separated based on which parts of the system
they act upon. Something that secures grub would be tagged with boot
while controls for sshd would be tagged with auth.
(This categorization comes from ansible-hardening, not the STIG.)
You can also review the STIG controls in one very large page. This can be
helpful when you need to search using your web browser.