STIG exceptions

Due to technical limitations, application requirements, or both, not all STIG items can be implemented. The following STIG items cannot be made compliant for IBM QRadar.

V-230559

Finding ID: For more information, see V-230559.

Version: RHEL-08-040370

Rule ID: xccdf_org.ssgproject.content_rule_package_gssproxy_removed

Title: Uninstall gssproxy package

Justification: The nfs-utils package depends on gssproxy package and the nfs-utils package is required for product functionality.

V-230560

Finding ID: For more information, see V-230560.

Version: RHEL-08-040380

Rule ID: xccdf_org.ssgproject.content_rule_package_iprutils_removed

Title: Uninstall iprutils package

Justification: The iprutils package is a dependency that is needed to manage the RAID controllers.

V-230558

Finding ID: For more information, see V-230588.

Version: RHEL-08-040360

Rule ID: xccdf_org.ssgproject.content_rule_package_vsftpd_removed

Title: Uninstall vsftpd package

Justification: The vsftpd package is required as a dependency for the QRadar installation. The service is disabled by default but the package must be present

V-250317 and V-230540

Finding ID: For more information, see V-250317 and V-230540.

Version: RHEL-08-040259 & RHEL-08-040260

Rule ID

xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_forwarding

xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_forwarding

Title

Disable Kernel Parameter for IPv4 forwarding on all IPv4 interfaces

Disable Kernel Parameter for IPv6 forwarding

Justification: Packet forwarding is required on QRadar consoles and App Hosts for container (apps) functionality. Forwarding should be disabled on other types of QRadar hosts.

V-230240

Finding ID: For more information, see V-230240.

Version: RHEL-08-010170

Rule ID: xccdf_org.ssgproject.content_rule_selinux_state

Title: Ensure SELinux state is enforcing

Justification: QRadar does not function with SELinux enabled. It must remain disabled

V-272484

Finding ID: For more information, see V-272484.

Version: RHEL-08-010455

Rule ID: xccdf_org.ssgproject.content_rule_selinux_context_elevation_for_sudo

Title: Elevate the SELinux context when an administrator calls the Sudo command

Justification: QRadar does not function with SELinux enabled. It must remain disabled