Detections
Analytics

CIS SUSE Linux Enterprise 15 v2.0.0 L2 Workstation

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS SUSE Linux Enterprise 15 v2.0.0 L2 Workstation

Updated: 8/1/2025

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 64

File Details

Filename: CIS_SUSE_Linux_Enterprise_15_v2.0.0_L2_Workstation.audit

Size: 313 kB

MD5: f4f30d5050d648817c86da5028fe48c9
SHA256: c3974d029d0215c71fb52a382ad8dbdacae8ad158afe63563aeef112b8b82f13

Audit Items

DescriptionCategories
1.1.1.6 Ensure overlayfs kernel module is not available
1.1.1.7 Ensure squashfs kernel module is not available
1.1.1.8 Ensure udf kernel module is not available
1.1.2.3.1 Ensure separate partition exists for /home
1.1.2.4.1 Ensure separate partition exists for /var
1.1.2.5.1 Ensure separate partition exists for /var/tmp
1.1.2.6.1 Ensure separate partition exists for /var/log
1.1.2.7.1 Ensure separate partition exists for /var/log/audit
1.2.1.3 Ensure repo_gpgcheck is globally activated
1.3.1.4 Ensure all AppArmor Profiles are enforcing
1.8.6 Ensure GDM automatic mounting of removable media is disabled
1.8.7 Ensure GDM disabling automatic mounting of removable media is not overridden
2.1.1 Ensure autofs services are not in use
2.1.2 Ensure avahi daemon services are not in use
2.2.2 Ensure ldap client is not installed
3.1.3 Ensure bluetooth services are not in use
3.2.1 Ensure dccp kernel module is not available
3.2.2 Ensure tipc kernel module is not available
3.2.3 Ensure rds kernel module is not available
3.2.4 Ensure sctp kernel module is not available
5.2.4 Ensure users must provide password for escalation
5.3.2.1.3 Ensure password failed attempts lockout includes root account
5.4.1.2 Ensure minimum password days is configured
5.4.3.1 Ensure nologin is not listed in /etc/shells
6.3.1.1 Ensure auditd packages are installed
6.3.1.2 Ensure auditing for processes that start prior to auditd is enabled
6.3.1.3 Ensure audit_backlog_limit is sufficient
6.3.1.4 Ensure auditd service is enabled and active
6.3.2.1 Ensure audit log storage size is configured
6.3.2.2 Ensure audit logs are not automatically deleted
6.3.2.3 Ensure system is disabled when audit logs are full
6.3.2.4 Ensure system warns when audit logs are low on space
6.3.3.1 Ensure changes to system administration scope (sudoers) is collected
6.3.3.2 Ensure actions as another user are always logged
6.3.3.3 Ensure events that modify the sudo log file are collected
6.3.3.4 Ensure events that modify date and time information are collected
6.3.3.5 Ensure events that modify the system's network environment are collected
6.3.3.6 Ensure use of privileged commands are collected
6.3.3.7 Ensure unsuccessful file access attempts are collected
6.3.3.8 Ensure events that modify user/group information are collected
6.3.3.9 Ensure discretionary access control permission modification events are collected
6.3.3.10 Ensure successful file system mounts are collected
6.3.3.11 Ensure session initiation information is collected
6.3.3.12 Ensure login and logout events are collected
6.3.3.13 Ensure file deletion events by users are collected
6.3.3.14 Ensure events that modify the system's Mandatory Access Controls are collected
6.3.3.15 Ensure successful and unsuccessful attempts to use the chcon command are collected
6.3.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are collected
6.3.3.17 Ensure successful and unsuccessful attempts to use the chacl command are collected
6.3.3.18 Ensure successful and unsuccessful attempts to use the usermod command are collected