
<div dir="ltr"><p class="MsoNormal" style="line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in 0in 8pt;font-size:11pt;font-family:Calibri,sans-serif"><b><span lang="EN-GB" style="font-size:12pt">Product:</span></b><span lang="EN-GB" style="font-size:12pt"><br>

BigFix Compliance</span></p>


<p class="MsoNormal" style="line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in 0in 8pt;font-size:11pt;font-family:Calibri,sans-serif"><b><span lang="EN-GB" style="font-size:12pt">Title:</span></b><span lang="EN-GB" style="font-size:12pt"><br>

</span><span lang="EN-GB" style="font-size:11.5pt;font-family:Arial,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Updated CIS Red Hat Enterprise Linux 9 with bug

fixes.</span><span lang="EN-GB" style="font-size:12pt"></span></p>


<p class="MsoNormal" style="line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in 0in 8pt;font-size:11pt;font-family:Calibri,sans-serif"><b><span lang="EN-GB" style="font-size:12pt">Security Benchmark:</span></b><span lang="EN-GB" style="font-size:12pt"><br>

</span><span lang="EN-GB" style="font-size:11.5pt;font-family:Arial,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">CIS Red Hat Enterprise Linux 9 Benchmark, v1.0.0</span><span lang="EN-GB" style="font-size:12pt"></span></p>


<p class="MsoNormal" style="line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in 0in 8pt;font-size:11pt;font-family:Calibri,sans-serif"><b><span lang="EN-GB" style="font-size:12pt">Published Sites:</span></b><span lang="EN-GB" style="font-size:12pt"><br>

</span><span lang="EN-GB" style="font-size:11.5pt;font-family:Arial,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">CIS Checklist for RHEL 9, site version </span><span lang="EN-GB" style="font-size:12pt"><br>

(The site version is provided for air-gap customers.)</span></p>


<p class="MsoNormal" style="line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in 0in 8pt;font-size:11pt;font-family:Calibri,sans-serif"><b><span lang="EN-GB" style="font-size:12pt;color:black;border:1pt none windowtext;padding:0in">Details:</span></b><span lang="EN-GB" style="font-size:12pt;border:1pt none windowtext;padding:0in"></span></p>


<p style="margin:0in 0in 0in 0.5in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:12pt;font-family:"Times New Roman",serif"><span class="gmail-scxw236468599"><span lang="EN-GB" style="font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">      </span></span></span><span class="gmail-normaltextrun"><span style="font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Fixed and Improved

implementation for the following check:</span></span><span class="gmail-scxw236468599"><span lang="EN-GB" style="font-family:Calibri,sans-serif"> </span></span></p>


<p style="margin:0in 0in 0in 0.5in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:12pt;font-family:"Times New Roman",serif"><span class="gmail-scxw236468599"><span lang="EN-GB" style="font-family:Calibri,sans-serif">4.1.1.2 - Ensure

auditing for processes that start prior to auditd is enabled</span></span></p>


<p style="margin:0in 0in 0in 0.5in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:12pt;font-family:"Times New Roman",serif"><span class="gmail-scxw236468599"><span lang="EN-GB" style="font-family:Calibri,sans-serif">4.1.1.3 - Ensure

audit_backlog_limit is sufficient</span></span></p>


<p style="margin:0in 0in 0in 0.5in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:12pt;font-family:"Times New Roman",serif"><span class="gmail-scxw236468599"><span lang="EN-GB" style="font-family:Calibri,sans-serif">3.3.7 - Ensure

Reverse Path Filtering is enabled</span></span></p>


<p style="margin:0in 0in 0in 0.5in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:12pt;font-family:"Times New Roman",serif"><span class="gmail-scxw236468599"><span lang="EN-GB" style="font-family:Calibri,sans-serif">1.1.2.1 - Ensure /tmp

is a separate partition</span></span></p>


<p style="margin:0in 0in 0in 0.5in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:12pt;font-family:"Times New Roman",serif"><span class="gmail-scxw236468599"><span lang="EN-GB" style="font-family:Calibri,sans-serif">4.1.3.6 - Ensure use

of privileged commands are collected</span></span></p>


<p style="margin:0in 0in 0in 0.5in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:12pt;font-family:"Times New Roman",serif"><span class="gmail-scxw236468599"><span lang="EN-GB" style="font-family:Calibri,sans-serif">4.2.2.1.3 - Ensure

systemd - journal - remote is enabled</span></span></p>


<p style="margin:0in 0in 0in 0.5in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:12pt;font-family:"Times New Roman",serif"><span class="gmail-scxw236468599"><span lang="EN-GB" style="font-family:Calibri,sans-serif">4.2.2.5 - Ensure

journald is not configured to send logs to rsyslog</span></span></p>


<p style="margin:0in 0in 0in 0.5in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:12pt;font-family:"Times New Roman",serif"><span class="gmail-scxw236468599"><span lang="EN-GB" style="font-family:Calibri,sans-serif">5.2.7 - Ensure SSH

root login is disabled</span></span></p>


<p style="margin:0in 0in 0in 0.5in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:12pt;font-family:"Times New Roman",serif"><span class="gmail-scxw236468599"><span lang="EN-GB" style="font-family:Calibri,sans-serif">4.1.3.9 - Ensure

discretionary access control permission modification events are collected</span></span></p>


<p style="margin:0in 0in 0in 0.5in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:12pt;font-family:"Times New Roman",serif"><span class="gmail-scxw236468599"><span lang="EN-GB" style="font-family:Calibri,sans-serif">6.1.9 - Ensure no

world writable files exist</span></span></p>


<p style="margin:0in 0in 0in 0.5in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:12pt;font-family:"Times New Roman",serif"><span class="gmail-scxw236468599"><span lang="EN-GB" style="font-family:Calibri,sans-serif">6.1.10 - Ensure no

unowned files or directories exist</span></span></p>


<p style="margin:0in 0in 0in 0.5in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:12pt;font-family:"Times New Roman",serif"><span class="gmail-scxw236468599"><span lang="EN-GB" style="font-family:Calibri,sans-serif">6.1.11 - Ensure no

ungrouped files or directories exist</span></span></p>


<p style="margin:0in 0in 0in 0.5in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:12pt;font-family:"Times New Roman",serif"><span class="gmail-scxw236468599"><span lang="EN-GB" style="font-family:Calibri,sans-serif">6.1.12 - Ensure

sticky bit is set on all world - writable directories</span></span></p>


<p class="MsoNormal" style="line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in 0in 8pt;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-GB" style="font-size:10.5pt;font-family:Helvetica"><br>

</span><b><span style="font-size:11.5pt;font-family:Arial,sans-serif">Actions to take:</span></b><span style="font-size:11.5pt;font-family:Arial,sans-serif"></span></p>


<p class="MsoNormal" style="margin:0in 0in 8pt 51pt;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10pt;font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">      

</span></span><span style="font-size:11.5pt;font-family:Arial,sans-serif">To subscribe to the above site, you

can use the License Overview Dashboard to enable and gather the site. Note that

you must be entitled to the BigFix Compliance product, and you must be using

BigFix version 9.2 and later.</span></p>


<p class="MsoNormal" style="margin:0in 0in 8pt 51pt;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10pt;font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">      

</span></span><span style="font-size:11.5pt;font-family:Arial,sans-serif">If you use custom sites, update

your custom sites accordingly to use the latest content. You can synchronize

your content by using the Synchronize Custom Checks wizard. For more

information, see </span><span lang="EN-GB" style="color:black"><a href="https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html"><span lang="EN-US" style="font-size:11.5pt;font-family:Arial,sans-serif;color:blue">Using the Synchronize Custom Checks wizard</span></a></span><span style="font-size:11.5pt;font-family:Arial,sans-serif"></span></p>


<p class="MsoNormal" style="line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in 0in 8pt;font-size:11pt;font-family:Calibri,sans-serif"><b><span style="font-size:11.5pt;font-family:Arial,sans-serif">More

information:</span></b><span style="font-size:11.5pt;font-family:Arial,sans-serif"><br>

To know more about the BigFix Compliance SCM checklists, please see the

following resources:</span></p>


<p class="MsoNormal" style="margin:0in 0in 8pt 51pt;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10pt;font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">      

</span></span><span style="font-size:11.5pt;font-family:Arial,sans-serif">BigFix Forum:<br>

</span><span lang="EN-GB" style="color:black"><a href="https://forum.bigfix.com/c/release-announcements/compliance"><span lang="EN-US" style="font-size:11.5pt;font-family:Arial,sans-serif;color:blue">https://forum.bigfix.com/c/release-announcements/compliance</span></a></span><span style="font-size:11.5pt;font-family:Arial,sans-serif"></span></p>


<p class="MsoNormal" style="margin:0in 0in 8pt 51pt;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10pt;font-family:Symbol">·<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">      

</span></span><span style="font-size:11.5pt;font-family:Arial,sans-serif">BigFix Compliance SCM Checklists:<br>

</span><span lang="EN-GB" style="color:black"><a href="https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en-us#!/wiki/BigFix%20Wiki/page/SCM%20Checklists"><span lang="EN-US" style="font-size:11.5pt;font-family:Arial,sans-serif;color:blue">Welcome to Wikis</span></a></span><span style="font-size:11.5pt;font-family:Arial,sans-serif"></span></p>


<p class="MsoNormal" style="line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0in 0in 8pt;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:11.5pt;font-family:Arial,sans-serif">We hope you

find this latest release of SCM content useful and effective. Thank you!</span></p>


<p style="margin:0in;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:12pt;font-family:"Times New Roman",serif"><i><span style="font-size:11.5pt;font-family:Arial,sans-serif">– The

BigFix Compliance team</span></i><span lang="EN-GB"></span></p></div>