CIS SUSE Linux Enterprise Server 12 L2 v3.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS SUSE Linux Enterprise Server 12 L2 v3.0.0

Updated: 8/23/2022

Authority: CIS

Plugin: Unix

Revision: 1.5

Estimated Item Count: 126

File Details

Filename: CIS_SUSE_Linux_Enterprise_Server_12_v3.0.0_L2.audit

Size: 378 kB

MD5: 3f4fb4b72aed7eaef62a40291f4cd9e8
SHA256: eb1225f2ff3b5460d21f11b49b2a52e86fa25d150fe6ba8a3b4afd0ffadd68f8

Audit Items

Description
1.1.1.1 Ensure mounting of squashfs filesystems is disabled
1.1.10 Ensure separate partition exists for /var
1.1.11 Ensure separate partition exists for /var/tmp
1.1.15 Ensure separate partition exists for /var/log
1.1.16 Ensure separate partition exists for /var/log/audit
1.1.17 Ensure separate partition exists for /home
1.6.1.4 Ensure all AppArmor Profiles are enforcing
1.6.1.4 Ensure all AppArmor Profiles are enforcing - profiles complain
1.6.1.4 Ensure all AppArmor Profiles are enforcing - profiles loaded
3.1.1 Disable IPv6 - grub.cfg
3.1.1 Disable IPv6 - sysctl all disable_ipv6
3.1.1 Disable IPv6 - sysctl default disable_ipv6
3.1.1 Disable IPv6 - sysctl.conf all disable_ipv6
3.1.1 Disable IPv6 - sysctl.conf default disable_ipv6
3.4.1 Ensure DCCP is disabled - lsmod
3.4.1 Ensure DCCP is disabled - modprobe
3.4.2 Ensure SCTP is disabled - lsmod
3.4.2 Ensure SCTP is disabled - modprobe
4.1.1.1 Ensure auditd is installed
4.1.1.2 Ensure auditd service is enabled and running - enabled
4.1.1.2 Ensure auditd service is enabled and running - running
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
4.1.2.1 Ensure audit log storage size is configured
4.1.2.2 Ensure audit logs are not automatically deleted
4.1.2.3 Ensure system is disabled when audit logs are full - action_mail_acct
4.1.2.3 Ensure system is disabled when audit logs are full - admin_space_left_action
4.1.2.3 Ensure system is disabled when audit logs are full - space_left_action
4.1.2.4 Ensure audit_backlog_limit is sufficient
4.1.3 Ensure events that modify date and time information are collected - auditctl b32 /etc/localtime
4.1.3 Ensure events that modify date and time information are collected - auditctl b32 adjtimex
4.1.3 Ensure events that modify date and time information are collected - auditctl b32 clock_settime
4.1.3 Ensure events that modify date and time information are collected - auditctl b64 adjtimex
4.1.3 Ensure events that modify date and time information are collected - auditctl b64 clock_settime
4.1.3 Ensure events that modify date and time information are collected - b32 /etc/localtime
4.1.3 Ensure events that modify date and time information are collected - b32 adjtimex
4.1.3 Ensure events that modify date and time information are collected - b32 clock_settime
4.1.3 Ensure events that modify date and time information are collected - b64 adjtimex
4.1.3 Ensure events that modify date and time information are collected - b64 clock_settime
4.1.4 Ensure events that modify user/group information are collected - /etc/group
4.1.4 Ensure events that modify user/group information are collected - /etc/gshadow
4.1.4 Ensure events that modify user/group information are collected - /etc/passwd
4.1.4 Ensure events that modify user/group information are collected - /etc/security/opasswd
4.1.4 Ensure events that modify user/group information are collected - /etc/shadow
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/group
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/gshadow
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/passwd
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/security/opasswd
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/shadow
4.1.5 Ensure events that modify the system's network environment are collected - /etc/hosts
4.1.5 Ensure events that modify the system's network environment are collected - /etc/issue