Security hardening controls in detail¶
The Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6 contains over 200 security controls. The links below will allow you to review each control based on a certain set of criteria.
Controls are divided into groups based on certain properties:
- Severity: Normally high, medium and low. High severity items are the ones which should be completed first, since they pose the greatest threat to the security of a system. (These severity levels are set within the STIG.)
- Implementation status: Each control is assessed thoroughly before Ansible tasks are written. Some controls may be listed as exceptions since they can’t be implemented with automation, or they could cause damage to an existing system. Other controls are listed as opt-in when they are implemented, but they require a deployer to enable them. (This categorization comes from openstack-ansible-security, not the STIG.)
- Tag: The controls are also separated based on which parts of the system they act upon. Something that secures grub would be tagged with boot while controls for sshd would be tagged with auth. (This categorization comes from openstack-ansible-security, not the STIG.)
You can also review the STIG controls in one very large page. This can be helpful when you need to search using your web browser.
- STIG Controls by Severity
- STIG Controls by Implementation Status
- STIG Controls by Tag
- aide (8 controls)
- auditd (46 controls)
- auth (47 controls)
- boot (9 controls)
- console (3 controls)
- file_perms (16 controls)
- kernel (24 controls)
- log (2 controls)
- lsm (4 controls)
- mail (4 controls)
- misc (26 controls)
- network (10 controls)
- nfsd (2 controls)
- package (13 controls)
- services (30 controls)
- sshd (10 controls)
- x11 (9 controls)
- Review All STIG Controls
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.