Adjustments made to CIS Hardened Images for CIS Red Hat Enterprise Linux 8 Benchmark Level 2 and STIG Benchmark for integration with EC2 Image Builder


Product Name

CIS Hardened Images - AWS

Product Version

EC2 Image Builder

Date

Feb 21, 2024



Overview

CIS has made adjustments to the CIS Hardened Images for CIS Red Hat Enterprise Linux 8 Benchmark Level 2 and CIS Red Hat Enterprise Linux 8 STIG Benchmark for integration with EC2 Image Builder, a managed AWS service.

Solution

To accommodate this integration, the noted CIS Hardened Images have removed the hardening for recommendations noexec on var and var/tmp as the AWS SSM Agent executes from either of these locations. To manually configure this recommendation in compliance with the CIS Benchmark, please follow the remediation instructions in the CIS Benchmark PDF.

CIS Red Hat Enterprise Linux 8 Benchmark Level 2:

  • Ensure noexec option is set on /var partition

This recommendation is not applied to allow integration with AWS Image Builder. To configure this recommendation in compliance with the CIS Benchmark, please follow the remediation instructions in CIS Benchmark PDF.

  • Ensure noexec option is set on /var/tmp partition

This recommendation is not applied to allow integration with AWS Image Builder. To configure this recommendation in compliance with the CIS Benchmark, please follow the remediation instruction in CIS Benchmark PDF.

CIS Red Hat Enterprise Linux 8 STIG Benchmark:

  • Ensure noexec option is set on /var/tmp partition

This recommendation is not applied to allow integration with EC2 Image Builder.

Keywords;

EC2 Image Builder, CIS Red Hat Enterprise Linux 8 Benchmark; Hardened Image; AWS

Content by Label


Copyright © 2024

Center for Internet Security®