Detections
Analytics

CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1

Updated: 2/18/2025

Authority: CIS

Plugin: Unix

Revision: 1.31

Estimated Item Count: 192

File Details

Filename: CIS_SUSE_Linux_Enterprise_15_Workstation_v1.1.1_L1.audit

Size: 518 kB

MD5: f16bf4f042e895475d7fe8d94b09e6c3
SHA256: 4adb3b4215b1854543009a9dc64e62c4d53c3e7f9aa926ff9c3627a3304723f9

Audit Items

DescriptionCategories
1.1.1.2 Ensure mounting of udf filesystems is disabled
1.1.2 Ensure /tmp is configured
1.1.3 Ensure noexec option set on /tmp partition
1.1.4 Ensure nodev option set on /tmp partition
1.1.5 Ensure nosuid option set on /tmp partition
1.1.6 Ensure /dev/shm is configured
1.1.7 Ensure noexec option set on /dev/shm partition
1.1.8 Ensure nodev option set on /dev/shm partition
1.1.9 Ensure nosuid option set on /dev/shm partition
1.1.12 Ensure noexec option set on /var/tmp partition
1.1.13 Ensure nodev option set on /var/tmp partition
1.1.14 Ensure nosuid option set on /var/tmp partition
1.1.18 Ensure nodev option set on /home partition
1.1.19 Ensure noexec option set on removable media partitions
1.1.20 Ensure nodev option set on removable media partitions
1.1.21 Ensure nosuid option set on removable media partitions
1.1.22 Ensure sticky bit is set on all world-writable directories
1.2.1 Ensure GPG keys are configured
1.2.2 Ensure package manager repositories are configured
1.2.3 Ensure gpgcheck is globally activated
1.3.1 Ensure sudo is installed
1.3.2 Ensure sudo commands use pty
1.3.3 Ensure sudo log file exists
1.4.1 Ensure AIDE is installed
1.4.2 Ensure filesystem integrity is regularly checked
1.5.1 Ensure bootloader password is set
1.5.2 Ensure permissions on bootloader config are configured
1.5.3 Ensure authentication required for single user mode
1.6.1 Ensure core dumps are restricted
1.6.2 Ensure XD/NX support is enabled
1.6.3 Ensure address space layout randomization (ASLR) is enabled
1.6.4 Ensure prelink is disabled
1.7.1.1 Ensure AppArmor is installed
1.7.1.2 Ensure AppArmor is enabled in the bootloader configuration
1.7.1.3 Ensure all AppArmor Profiles are in enforce or complain mode
1.8.1.1 Ensure message of the day is configured properly
1.8.1.2 Ensure local login warning banner is configured properly
1.8.1.3 Ensure remote login warning banner is configured properly
1.8.1.4 Ensure permissions on /etc/motd are configured
1.8.1.5 Ensure permissions on /etc/issue are configured
1.8.1.6 Ensure permissions on /etc/issue.net are configured
1.9 Ensure updates, patches, and additional security software are installed
1.10 Ensure GDM is removed or login is configured
2.1.1 Ensure xinetd is not installed
2.2.1.1 Ensure time synchronization is in use
2.2.1.2 Ensure systemd-timesyncd is configured
2.2.1.3 Ensure chrony is configured
2.2.5 Ensure DHCP Server is not installed
2.2.6 Ensure LDAP server is not installed
2.2.7 Ensure nfs-utils is not installed or the nfs-server service is masked