CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1

Audit Details

Name: CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1

Updated: 11/6/2024

Authority: CIS

Plugin: Unix

Revision: 1.29

Estimated Item Count: 192

File Details

Filename: CIS_SUSE_Linux_Enterprise_15_Workstation_v1.1.1_L1.audit

Size: 746 kB

MD5: 7f2ec30783ce875fd0188b2a78dca1d1
SHA256: 44e1bd6dc6777e7bfa0e13b3af58fb6d395162e64061e5158a696bbeda408636

Audit Items

DescriptionCategories
1.1.1.2 Ensure mounting of udf filesystems is disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.2 Ensure /tmp is configured

ACCESS CONTROL, MEDIA PROTECTION

1.1.3 Ensure noexec option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.4 Ensure nodev option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.5 Ensure nosuid option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.6 Ensure /dev/shm is configured

ACCESS CONTROL, MEDIA PROTECTION

1.1.7 Ensure noexec option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.8 Ensure nodev option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.9 Ensure nosuid option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.12 Ensure noexec option set on /var/tmp partition

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.13 Ensure nodev option set on /var/tmp partition

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.14 Ensure nosuid option set on /var/tmp partition

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.18 Ensure nodev option set on /home partition

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.19 Ensure noexec option set on removable media partitions

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.20 Ensure nodev option set on removable media partitions

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.21 Ensure nosuid option set on removable media partitions

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.22 Ensure sticky bit is set on all world-writable directories

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION

1.2.1 Ensure GPG keys are configured

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.2 Ensure package manager repositories are configured

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.3 Ensure gpgcheck is globally activated

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.3.1 Ensure sudo is installed

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.3.2 Ensure sudo commands use pty

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.3.3 Ensure sudo log file exists

AUDIT AND ACCOUNTABILITY

1.4.1 Ensure AIDE is installed

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.4.2 Ensure filesystem integrity is regularly checked

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.5.1 Ensure bootloader password is set

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.2 Ensure permissions on bootloader config are configured

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.3 Ensure authentication required for single user mode

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restricted

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.2 Ensure XD/NX support is enabled

SYSTEM AND INFORMATION INTEGRITY

1.6.3 Ensure address space layout randomization (ASLR) is enabled

SYSTEM AND INFORMATION INTEGRITY

1.6.4 Ensure prelink is disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.7.1.1 Ensure AppArmor is installed

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.2 Ensure AppArmor is enabled in the bootloader configuration

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.3 Ensure all AppArmor Profiles are in enforce or complain mode

ACCESS CONTROL, MEDIA PROTECTION

1.8.1.1 Ensure message of the day is configured properly

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.8.1.2 Ensure local login warning banner is configured properly

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.8.1.3 Ensure remote login warning banner is configured properly

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.8.1.4 Ensure permissions on /etc/motd are configured

ACCESS CONTROL, MEDIA PROTECTION

1.8.1.5 Ensure permissions on /etc/issue are configured

ACCESS CONTROL, MEDIA PROTECTION

1.8.1.6 Ensure permissions on /etc/issue.net are configured

ACCESS CONTROL, MEDIA PROTECTION

1.9 Ensure updates, patches, and additional security software are installed

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.10 Ensure GDM is removed or login is configured

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.1.1 Ensure xinetd is not installed

CONFIGURATION MANAGEMENT

2.2.1.1 Ensure time synchronization is in use

AUDIT AND ACCOUNTABILITY

2.2.1.2 Ensure systemd-timesyncd is configured

AUDIT AND ACCOUNTABILITY

2.2.1.3 Ensure chrony is configured

AUDIT AND ACCOUNTABILITY

2.2.5 Ensure DHCP Server is not installed

CONFIGURATION MANAGEMENT

2.2.6 Ensure LDAP server is not installed

CONFIGURATION MANAGEMENT

2.2.7 Ensure nfs-utils is not installed or the nfs-server service is masked

CONFIGURATION MANAGEMENT