CIS SUSE Linux Enterprise Server 12 L1 v3.1.0

Audit Details

Name: CIS SUSE Linux Enterprise Server 12 L1 v3.1.0

Updated: 4/22/2024

Authority: CIS

Plugin: Unix

Revision: 1.20

Estimated Item Count: 273

File Details

Filename: CIS_SUSE_Linux_Enterprise_Server_12_v3.1.0_L1.audit

Size: 822 kB

MD5: db48880d1dd8bbc9b533aee35468291c
SHA256: 5414b8a6bba251dd0d7537dbba763fbe6acf2f3b9008d84f54a817436935b260

Audit Items

DescriptionCategories
1.1.1.2 Ensure mounting of udf filesystems is disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.2 Ensure /tmp is configured - config check

ACCESS CONTROL, MEDIA PROTECTION

1.1.2 Ensure /tmp is configured - mount

ACCESS CONTROL, MEDIA PROTECTION

1.1.3 Ensure noexec option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.4 Ensure nodev option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.5 Ensure nosuid option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.6 Ensure /dev/shm is configured - fstab

ACCESS CONTROL, MEDIA PROTECTION

1.1.6 Ensure /dev/shm is configured - mount

ACCESS CONTROL, MEDIA PROTECTION

1.1.7 Ensure noexec option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.8 Ensure nodev option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.9 Ensure nosuid option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.12 Ensure noexec option set on /var/tmp partition

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.13 Ensure nodev option set on /var/tmp partition

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.14 Ensure nosuid option set on /var/tmp partition

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.18 Ensure nodev option set on /home partition

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.19 Ensure noexec option set on removable media partitions

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.20 Ensure nodev option set on removable media partitions

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.21 Ensure nosuid option set on removable media partitions

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.22 Ensure sticky bit is set on all world-writable directories

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION

1.1.23 Disable Automounting

MEDIA PROTECTION

1.2.1 Ensure GPG keys are configured

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.2 Ensure package manager repositories are configured

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.3 Ensure gpgcheck is globally activated

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.3.1 Ensure sudo is installed

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.3.2 Ensure sudo commands use pty

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.3.3 Ensure sudo log file exists

AUDIT AND ACCOUNTABILITY

1.4.1 Ensure AIDE is installed

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.4.2 Ensure filesystem integrity is regularly checked - aidecheck.service

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.4.2 Ensure filesystem integrity is regularly checked - aidecheck.timer

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.4.2 Ensure filesystem integrity is regularly checked - cron

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.5.1 Ensure bootloader password is set - password_pbkdf2

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.1 Ensure bootloader password is set - superusers

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.2 Ensure permissions on bootloader config are configured

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.3 Ensure authentication required for single user mode - emergency

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.3 Ensure authentication required for single user mode - rescue

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restricted - /sbin/sysctl fs.suid_dumpable

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restricted - hard core 0

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restricted - sysctl.conf fs.suid_dumpable

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restricted - systemd-coredump ProcessSizeMax

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restricted - systemd-coredump Storage

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.2 Ensure XD/NX support is enabled

SYSTEM AND INFORMATION INTEGRITY

1.6.3 Ensure address space layout randomization (ASLR) is enabled - sysctl

SYSTEM AND INFORMATION INTEGRITY

1.6.3 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf

SYSTEM AND INFORMATION INTEGRITY

1.6.4 Ensure prelink is disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.7.1.1 Ensure AppArmor is installed - apparmor-docs

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.1 Ensure AppArmor is installed - apparmor-parser

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.1 Ensure AppArmor is installed - apparmor-profiles

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.1 Ensure AppArmor is installed - apparmor-utils

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.1 Ensure AppArmor is installed - libapparmor1

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.2 Ensure AppArmor is enabled in the bootloader configuration - apparmor=1

ACCESS CONTROL, MEDIA PROTECTION