RHEL7 STIG 2020Q2, CentOS 7 STIG 2020Q2

What's New?

  • RHEL updated to 7.8
  • CentOS updated to 7.7.1908
  • STIG profiles updated to v2r7

We have increased the minimum size of the /var partition to 2gb, due to reports of volume full errors when attempting to install Yum updates.

Known Issues:

  • The new "immutable" requirement specified by V-72281 (RHEL-07-040600) causes cloud-init to fail when the instance is launched. As a result, we have removed this control from our configuration library, and recommend you configure this post-installation if still desired:

sudo chattr +i /etc/resolv.conf

  • We believe that AWS is compliant with the spirit of this control out-of-the-box: Even though your EC2 instance may appear to have only one DNS server, this is actually an IP address that references the underlying cloud infrastructure that powers you and everyone else in Amazon's cloud environment. Leaving this file as default is, in our opinion, not a significant risk, as Amazon is not likely to let its core services fail anytime soon.
  • We are still seeing issues with automatic volume sizing on the /var, /home, and /var/log/audit partitions (when users specify sizes larger than the AMI defaults).  We are working with Amazon to identify the issue and get it resolved.  In the meantime, use the xfs_growfs tool as a part of your build process when you require additional disk space in these filesystems.  The root partition appears not to be affected by this issue.

Deprecated Images:

The following AMIs are no longer available.  If you are still using these images, we strongly recommend upgrading to the latest release.

  • RHEL 2019Q1: ami-07a020bbb34121f40
  • CentOS 2019Q1: ami-0f818c25b9e3820fc

Did this solve your problem?