Detections
Analytics

CIS SUSE Linux Enterprise 15 v2.0.0 L1 Workstation

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS SUSE Linux Enterprise 15 v2.0.0 L1 Workstation

Updated: 8/1/2025

Authority: CIS

Plugin: Unix

Revision: 1.2

Estimated Item Count: 220

File Details

Filename: CIS_SUSE_Linux_Enterprise_15_v2.0.0_L1_Workstation.audit

Size: 788 kB

MD5: 1184fb000d16813af6df9b645656673a
SHA256: 99337adba0d9caff2857b0f49d6a140ac33306caa5ccf4ce203ed873b1df1738

Audit Items

DescriptionCategories
1.1.1.1 Ensure cramfs kernel module is not available
1.1.1.2 Ensure freevxfs kernel module is not available
1.1.1.3 Ensure hfs kernel module is not available
1.1.1.4 Ensure hfsplus kernel module is not available
1.1.1.5 Ensure jffs2 kernel module is not available
1.1.1.9 Ensure unused filesystems kernel modules are not available
1.1.2.1.1 Ensure /tmp is a separate partition
1.1.2.1.2 Ensure nodev option set on /tmp partition
1.1.2.1.3 Ensure nosuid option set on /tmp partition
1.1.2.1.4 Ensure noexec option set on /tmp partition
1.1.2.2.1 Ensure /dev/shm is a separate partition
1.1.2.2.2 Ensure nodev option set on /dev/shm partition
1.1.2.2.3 Ensure nosuid option set on /dev/shm partition
1.1.2.2.4 Ensure noexec option set on /dev/shm partition
1.1.2.3.2 Ensure nodev option set on /home partition
1.1.2.3.3 Ensure nosuid option set on /home partition
1.1.2.4.2 Ensure nodev option set on /var partition
1.1.2.4.3 Ensure nosuid option set on /var partition
1.1.2.5.2 Ensure nodev option set on /var/tmp partition
1.1.2.5.3 Ensure nosuid option set on /var/tmp partition
1.1.2.5.4 Ensure noexec option set on /var/tmp partition
1.1.2.6.2 Ensure nodev option set on /var/log partition
1.1.2.6.3 Ensure nosuid option set on /var/log partition
1.1.2.6.4 Ensure noexec option set on /var/log partition
1.1.2.7.2 Ensure nodev option set on /var/log/audit partition
1.1.2.7.3 Ensure nosuid option set on /var/log/audit partition
1.1.2.7.4 Ensure noexec option set on /var/log/audit partition
1.2.1.1 Ensure GPG keys are configured
1.2.1.2 Ensure gpgcheck is globally activated
1.2.1.4 Ensure package manager repositories are configured
1.2.2.1 Ensure updates, patches, and additional security software are installed
1.3.1.1 Ensure AppArmor is installed
1.3.1.2 Ensure AppArmor is enabled in the bootloader configuration
1.3.1.3 Ensure all AppArmor Profiles are in enforce or complain mode
1.4.1 Ensure bootloader password is set
1.4.2 Ensure access to bootloader config is configured
1.5.1 Ensure address space layout randomization is enabled
1.5.2 Ensure core dumps are restricted
1.5.3 Ensure prelink is disabled
1.6.1 Ensure crypto-policies-scripts package is installed
1.6.2 Ensure system wide crypto policy is not set to legacy
1.6.3 Ensure system wide crypto policy is not set in sshd configuration
1.6.4 Ensure system wide crypto policy disables sha1 hash and signature support
1.6.5 Ensure system wide crypto policy disables macs less than 128 bits
1.6.6 Ensure system wide crypto policy disables cbc for ssh
1.6.7 Ensure system wide crypto policy disables chacha20-poly1305 for ssh
1.7.1 Ensure /etc/motd is configured
1.7.2 Ensure local login warning banner is configured properly
1.7.3 Ensure remote login warning banner is configured properly
1.7.4 Ensure access to /etc/motd is configured