Detections
Analytics

CIS SUSE Linux Enterprise 15 Server L2 v1.1.1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS SUSE Linux Enterprise 15 Server L2 v1.1.1

Updated: 2/18/2025

Authority: CIS

Plugin: Unix

Revision: 1.13

Estimated Item Count: 37

File Details

Filename: CIS_SUSE_Linux_Enterprise_15_Server_v1.1.1_L2.audit

Size: 181 kB

MD5: 7b64d7096fdff8701760980fad5ff25d
SHA256: 9330a76c902eb69fece2a4d94e911dc185b6ca20459a7862003453071857d0fc

Audit Items

DescriptionCategories
1.1.1.1 Ensure mounting of squashfs filesystems is disabled
1.1.1.3 Ensure mounting of FAT filesystems is limited
1.1.10 Ensure separate partition exists for /var
1.1.11 Ensure separate partition exists for /var/tmp
1.1.15 Ensure separate partition exists for /var/log
1.1.16 Ensure separate partition exists for /var/log/audit
1.1.17 Ensure separate partition exists for /home
1.7.1.4 Ensure all AppArmor Profiles are enforcing
3.1.1 Disable IPv6
3.4.1 Ensure DCCP is disabled
3.4.2 Ensure SCTP is disabled
4.1.1.1 Ensure auditd is installed
4.1.1.2 Ensure auditd service is enabled and running
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
4.1.2.1 Ensure audit log storage size is configured
4.1.2.2 Ensure audit logs are not automatically deleted
4.1.2.3 Ensure system is disabled when audit logs are full
4.1.2.4 Ensure audit_backlog_limit is sufficient
4.1.3 Ensure events that modify date and time information are collected
4.1.4 Ensure events that modify user/group information are collected
4.1.5 Ensure events that modify the system's network environment are collected
4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected
4.1.7 Ensure login and logout events are collected
4.1.8 Ensure session initiation information is collected
4.1.9 Ensure discretionary access control permission modification events are collected
4.1.10 Ensure unsuccessful unauthorized file access attempts are collected
4.1.11 Ensure use of privileged commands is collected
4.1.12 Ensure successful file system mounts are collected
4.1.13 Ensure file deletion events by users are collected
4.1.14 Ensure changes to system administration scope (sudoers) is collected
4.1.15 Ensure system administrator actions (sudolog) are collected
4.1.16 Ensure kernel module loading and unloading is collected
4.1.17 Ensure the audit configuration is immutable
5.2.6 Ensure SSH X11 forwarding is disabled
5.2.20 Ensure SSH AllowTcpForwarding is disabled
6.1.1 Audit system file permissions
CIS_SUSE_Linux_Enterprise_15_Server_v1.1.1_L2.audit from CIS SUSE Linux Enterprise 15 Benchmark v1.1.1