Adjustments made to CIS Hardened Images for CIS Red Hat Enterprise Linux 8 Benchmark Level 2 and STIG Benchmark for integration with EC2 Image Builder
Product Name
CIS Hardened Images - AWS
Product Version
EC2 Image Builder
Date
Feb 21, 2024
Overview
CIS has made adjustments to the CIS Hardened Images for CIS Red Hat Enterprise Linux 8 Benchmark Level 2 and CIS Red Hat Enterprise Linux 8 STIG Benchmark for integration with EC2 Image Builder, a managed AWS service.
Solution
To accommodate this integration, the noted CIS Hardened Images have removed the hardening for the noexec recommendations on /var and /var/tmp, because the AWS SSM Agent executes from either of these locations. To manually configure these recommendations in compliance with the CIS Benchmark, please follow the remediation instructions in the CIS Benchmark PDF.
CIS Red Hat Enterprise Linux 8 Benchmark Level 2:
Ensure noexec option is set on /var partition
This recommendation is not applied to allow integration with AWS Image Builder. To configure this recommendation in compliance with the CIS Benchmark, please follow the remediation instructions in the CIS Benchmark PDF.
Ensure noexec option is set on /var/tmp partition
This recommendation is not applied to allow integration with AWS Image Builder. To configure this recommendation in compliance with the CIS Benchmark, please follow the remediation instructions in the CIS Benchmark PDF.
CIS Red Hat Enterprise Linux 8 STIG Benchmark:
Ensure noexec option is set on /var/tmp partition
This recommendation is not applied to allow integration with EC2 Image Builder.
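To confirm how an instance built from one of these images currently mounts /var and /var/tmp, the following check reads a mount table in /proc/self/mounts format and reports whether noexec is present. It is an added example, not part of the CIS Benchmark or the original article; the function names and the sample mount lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the CIS Benchmark): report noexec status per mount point.
# Input format is that of /proc/self/mounts:
#   device mountpoint fstype options dump pass
# Usage on a live system: audit_noexec

noexec_status() {
    # $1 = mount point, $2 = mounts file (defaults to the live mount table)
    # Prints: noexec | exec | not-mounted
    # "not-mounted" means the path is not its own mount, so it simply
    # inherits the options of the parent filesystem.
    awk -v mp="$1" '
        $2 == mp { opts = $4; found = 1 }   # last matching entry is the one in effect
        END {
            if (!found) { print "not-mounted"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] == "noexec") { print "noexec"; exit }
            print "exec"
        }
    ' "${2:-/proc/self/mounts}"
}

audit_noexec() {
    # $1 = optional mounts file. Prints one line per path and
    # returns non-zero if either path lacks noexec.
    rc=0
    for path in /var /var/tmp; do
        state=$(noexec_status "$path" "${1:-/proc/self/mounts}")
        echo "$path: $state"
        [ "$state" = "noexec" ] || rc=1
    done
    return $rc
}

sample_mounts() {
    # Constructed sample: /var and /var/tmp mounted without noexec,
    # which is the state this article describes for these images.
    cat <<'EOF'
/dev/mapper/vg-root / xfs rw,seclabel,relatime 0 0
/dev/mapper/vg-var /var xfs rw,seclabel,nosuid,nodev,relatime 0 0
/dev/mapper/vg-vartmp /var/tmp xfs rw,seclabel,nosuid,nodev,relatime 0 0
tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev,noexec 0 0
EOF
}
```

On the images covered here, both paths are expected to report exec; a result of noexec after manual remediation means the AWS SSM Agent constraint described above applies to that instance.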
Keywords:
EC2 Image Builder; CIS Red Hat Enterprise Linux 8 Benchmark; Hardened Image; AWS