CIS SUSE Linux Enterprise Server 11 L2 v2.1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS SUSE Linux Enterprise Server 11 L2 v2.1.0

Updated: 9/8/2022

Authority: CIS

Plugin: Unix

Revision: 1.13

Estimated Item Count: 128

File Details

Filename: CIS_SUSE_Linux_Enterprise_Server_11_v2.1.0_L2.audit

Size: 279 kB

MD5: 3450ee99cc1cb0d883fed854e2279a2f
SHA256: facdbded5fc9dd413be81463501402600663b83223bb5ede3fc5a8a11e44e4cc

Audit Items

Description
1.1.1.8 Ensure mounting of FAT filesystems is disabled - /etc/modprobe.d/*
1.1.1.8 Ensure mounting of FAT filesystems is disabled - lsmod
1.1.1.8 Ensure mounting of FAT filesystems is disabled - modprobe
1.1.2 Ensure separate partition exists for /tmp
1.1.6 Ensure separate partition exists for /var
1.1.7 Ensure separate partition exists for /var/tmp
1.1.11 Ensure separate partition exists for /var/log
1.1.12 Ensure separate partition exists for /var/log/audit
1.1.13 Ensure separate partition exists for /home
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - enforcing
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - selinux
1.6.1.2 Ensure the SELinux state is enforcing
1.6.1.3 Ensure SELinux policy is configured
1.6.1.4 Ensure SETroubleshoot is not installed
1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed
1.6.1.6 Ensure no unconfined daemons exist
1.6.2.1 Ensure AppArmor is not disabled in bootloader configuration
1.6.2.2 Ensure all AppArmor Profiles are enforcing - complain mode
1.6.2.2 Ensure all AppArmor Profiles are enforcing - processes unconfined
1.6.2.2 Ensure all AppArmor Profiles are enforcing - profiles loaded
1.6.3 Ensure SELinux or AppArmor are installed
4.1.1.1 Ensure audit log storage size is configured
4.1.1.2 Ensure system is disabled when audit logs are full - action_mail_acct
4.1.1.2 Ensure system is disabled when audit logs are full - admin_space_left_action
4.1.1.2 Ensure system is disabled when audit logs are full - space_left_action
4.1.1.3 Ensure audit logs are not automatically deleted
4.1.2 Ensure auditd service is enabled
4.1.3 Ensure auditing for processes that start prior to auditd is enabled
4.1.4 Ensure events that modify date and time information are collected - audit.rules b32 adjtimex
4.1.4 Ensure events that modify date and time information are collected - audit.rules b32 clock_settime
4.1.4 Ensure events that modify date and time information are collected - audit.rules b64 adjtimex
4.1.4 Ensure events that modify date and time information are collected - audit.rules b64 clock_settime
4.1.4 Ensure events that modify date and time information are collected - audit.rules time-change
4.1.4 Ensure events that modify date and time information are collected - auditctl b32 adjtimex
4.1.4 Ensure events that modify date and time information are collected - auditctl b32 clock_settime
4.1.4 Ensure events that modify date and time information are collected - auditctl b64 adjtimex
4.1.4 Ensure events that modify date and time information are collected - auditctl b64 clock_settime
4.1.4 Ensure events that modify date and time information are collected - auditctl time-change
4.1.5 Ensure events that modify user/group information are collected - /etc/group
4.1.5 Ensure events that modify user/group information are collected - /etc/gshadow
4.1.5 Ensure events that modify user/group information are collected - /etc/passwd
4.1.5 Ensure events that modify user/group information are collected - /etc/security/opasswd
4.1.5 Ensure events that modify user/group information are collected - /etc/shadow
4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/group
4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/gshadow
4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/passwd
4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/security/opasswd
4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/shadow
4.1.6 Ensure events that modify the system's network environment are collected - /etc/hosts
4.1.6 Ensure events that modify the system's network environment are collected - /etc/issue