CIS SUSE Linux Enterprise 15 Server L1 v1.1.1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS SUSE Linux Enterprise 15 Server L1 v1.1.1

Updated: 2/18/2025

Authority: CIS

Plugin: Unix

Revision: 1.32

Estimated Item Count: 196

File Details

Filename: CIS_SUSE_Linux_Enterprise_15_Server_v1.1.1_L1.audit

Size: 522 kB

MD5: f425e77aa204c3cae98bb8260b4a7d83
SHA256: c294ee315b41867fe335d29e99e30fd0d064d88fd01af2ff87847f41bdfcce7a

Audit Items

DescriptionCategories
1.1.1.2 Ensure mounting of udf filesystems is disabled
1.1.2 Ensure /tmp is configured
1.1.3 Ensure noexec option set on /tmp partition
1.1.4 Ensure nodev option set on /tmp partition
1.1.5 Ensure nosuid option set on /tmp partition
1.1.6 Ensure /dev/shm is configured
1.1.7 Ensure noexec option set on /dev/shm partition
1.1.8 Ensure nodev option set on /dev/shm partition
1.1.9 Ensure nosuid option set on /dev/shm partition
1.1.12 Ensure noexec option set on /var/tmp partition
1.1.13 Ensure nodev option set on /var/tmp partition
1.1.14 Ensure nosuid option set on /var/tmp partition
1.1.18 Ensure nodev option set on /home partition
1.1.19 Ensure noexec option set on removable media partitions
1.1.20 Ensure nodev option set on removable media partitions
1.1.21 Ensure nosuid option set on removable media partitions
1.1.22 Ensure sticky bit is set on all world-writable directories
1.1.23 Disable Automounting
1.2.1 Ensure GPG keys are configured
1.2.2 Ensure package manager repositories are configured
1.2.3 Ensure gpgcheck is globally activated
1.3.1 Ensure sudo is installed
1.3.2 Ensure sudo commands use pty
1.3.3 Ensure sudo log file exists
1.4.1 Ensure AIDE is installed
1.4.2 Ensure filesystem integrity is regularly checked
1.5.1 Ensure bootloader password is set
1.5.2 Ensure permissions on bootloader config are configured
1.5.3 Ensure authentication required for single user mode
1.6.1 Ensure core dumps are restricted
1.6.2 Ensure XD/NX support is enabled
1.6.3 Ensure address space layout randomization (ASLR) is enabled
1.6.4 Ensure prelink is disabled
1.7.1.1 Ensure AppArmor is installed
1.7.1.2 Ensure AppArmor is enabled in the bootloader configuration
1.7.1.3 Ensure all AppArmor Profiles are in enforce or complain mode
1.8.1.1 Ensure message of the day is configured properly
1.8.1.2 Ensure local login warning banner is configured properly
1.8.1.3 Ensure remote login warning banner is configured properly
1.8.1.4 Ensure permissions on /etc/motd are configured
1.8.1.5 Ensure permissions on /etc/issue are configured
1.8.1.6 Ensure permissions on /etc/issue.net are configured
1.9 Ensure updates, patches, and additional security software are installed
1.10 Ensure GDM is removed or login is configured
2.1.1 Ensure xinetd is not installed
2.2.1.1 Ensure time synchronization is in use
2.2.1.2 Ensure systemd-timesyncd is configured
2.2.1.3 Ensure chrony is configured
2.2.2 Ensure X11 Server components are not installed
2.2.3 Ensure Avahi Server is not installed