CIS SUSE Linux Enterprise Server 11 L1 v2.1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS SUSE Linux Enterprise Server 11 L1 v2.1.0

Updated: 9/8/2022

Authority: Operating Systems and Applications

Plugin: Unix

Revision: 1.27

Estimated Item Count: 275

File Details

Filename: CIS_SUSE_Linux_Enterprise_Server_11_v2.1.0_L1.audit

Size: 354 kB

MD5: 73823623a92904cb51b98c50adb55ace
SHA256: 8f8b9cda2bacea5b34545392dc48f7d46064b7ffeccf1573b79403ac2e78dfb9

Audit Changelog

 
Revision 1.27

Sep 8, 2022

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.26

Jul 27, 2022

Functional Update
  • 5.2.10 Ensure SSH PermitUserEnvironment is disabled
  • 5.2.14 Ensure SSH access is limited
  • 5.2.15 Ensure SSH warning banner is configured
  • 5.2.2 Ensure SSH Protocol is set to 2
  • 5.2.4 Ensure SSH X11 forwarding is disabled
  • 5.2.5 Ensure SSH MaxAuthTries is set to 4 or less
  • 5.2.6 Ensure SSH IgnoreRhosts is enabled
  • 5.2.7 Ensure SSH HostbasedAuthentication is disabled
  • 5.2.8 Ensure SSH root login is disabled
  • 5.2.9 Ensure SSH PermitEmptyPasswords is disabled
Miscellaneous
  • References updated.
Revision 1.25

Apr 25, 2022

Miscellaneous
  • References updated.
Revision 1.24

Mar 29, 2022

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.23

Jun 17, 2021

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.22

Apr 6, 2021

Functional Update
  • 5.4.1.1 Ensure password expiration is 365 days or less - users
  • 5.4.1.2 Ensure minimum days between password changes is 7 or more - users
  • 5.4.1.3 Ensure password expiration warning days is 7 or more - users
  • 5.4.1.5 Ensure all users last password change date is in the past
Revision 1.21

Feb 16, 2021

Functional Update
  • 1.3.2 Ensure filesystem integrity is regularly checked
  • 3.6.2 Ensure default deny firewall policy - FORWARD
  • 3.6.2 Ensure default deny firewall policy - INPUT
  • 3.6.2 Ensure default deny firewall policy - OUTPUT
  • 4.2.2.1 Ensure syslog-ng service is enabled
Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.20

Oct 14, 2020

Functional Update
  • 4.2.4 Ensure permissions on all logfiles are configured
Revision 1.19

Oct 5, 2020

Functional Update
  • 1.5.2 Ensure XD/NX support is enabled
  • 2.1.9 Ensure tftp server is not enabled
  • 2.2.1.1 Ensure time synchronization is in use
  • 2.2.1.2 Ensure ntp is configured - ntp:ntp
  • 2.2.1.2 Ensure ntp is configured - restrict -4
  • 2.2.1.2 Ensure ntp is configured - restrict -6
  • 2.2.1.2 Ensure ntp is configured - server
  • 2.2.1.3 Ensure chrony is configured - options
  • 2.2.1.3 Ensure chrony is configured - server
  • 4.2.1.1 Ensure rsyslog Service is enabled - /etc/sysconfig/syslog
  • 4.2.1.1 Ensure rsyslog Service is enabled - chkconfig
  • 4.2.1.2 Ensure logging is configured
  • 4.2.1.3 Ensure rsyslog default file permissions configured
  • 4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host
  • 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts - InputTCPServerRun
  • 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts - ModLoad
  • 4.2.2.1 Ensure syslog-ng service is enabled
  • 4.2.2.2 Ensure logging is configured
  • 4.2.2.3 Ensure syslog-ng default file permissions configured
  • 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host
  • 4.2.2.5 Ensure remote syslog-ng messages are only accepted on designated log hosts
  • 4.2.3 Ensure rsyslog or syslog-ng is installed
Miscellaneous
  • Platform check updated.
Revision 1.18

Sep 29, 2020

Miscellaneous
  • References updated.