Detections
Analytics

CIS SUSE Linux Enterprise 12 v3.1.0 L2 Server

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS SUSE Linux Enterprise 12 v3.1.0 L2 Server

Updated: 1/6/2025

Authority: CIS

Plugin: Unix

Revision: 1.10

Estimated Item Count: 37

File Details

Filename: CIS_SUSE_Linux_Enterprise_Server_12_v3.1.0_L2.audit

Size: 177 kB

MD5: 07a0b9f14953bb2225c65068287797dc
SHA256: 3dea95ed3855aa462920ccd7b25341160a564304de621628c6cbb7c150bfda56

Audit Items

DescriptionCategories
1.1.1.1 Ensure mounting of squashfs filesystems is disabled
1.1.1.3 Ensure mounting of FAT filesystems is limited
1.1.10 Ensure separate partition exists for /var
1.1.11 Ensure separate partition exists for /var/tmp
1.1.15 Ensure separate partition exists for /var/log
1.1.16 Ensure separate partition exists for /var/log/audit
1.1.17 Ensure separate partition exists for /home
1.7.1.4 Ensure all AppArmor Profiles are enforcing
3.1.1 Disable IPv6
3.4.1 Ensure DCCP is disabled
3.4.2 Ensure SCTP is disabled
4.1.1.1 Ensure auditd is installed
4.1.1.2 Ensure auditd service is enabled and running
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
4.1.2.1 Ensure audit log storage size is configured
4.1.2.2 Ensure audit logs are not automatically deleted
4.1.2.3 Ensure system is disabled when audit logs are full
4.1.2.4 Ensure audit_backlog_limit is sufficient
4.1.3 Ensure events that modify date and time information are collected
4.1.4 Ensure events that modify user/group information are collected
4.1.5 Ensure events that modify the system's network environment are collected
4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected
4.1.7 Ensure login and logout events are collected
4.1.8 Ensure session initiation information is collected
4.1.9 Ensure discretionary access control permission modification events are collected
4.1.10 Ensure unsuccessful unauthorized file access attempts are collected
4.1.11 Ensure use of privileged commands is collected
4.1.12 Ensure successful file system mounts are collected
4.1.13 Ensure file deletion events by users are collected
4.1.14 Ensure changes to system administration scope (sudoers) is collected
4.1.15 Ensure system administrator actions (sudolog) are collected
4.1.16 Ensure kernel module loading and unloading is collected
4.1.17 Ensure the audit configuration is immutable
5.2.6 Ensure SSH X11 forwarding is disabled
5.2.20 Ensure SSH AllowTcpForwarding is disabled
6.1.1 Audit system file permissions
CIS_SUSE_Linux_Enterprise_Server_12_v3.1.0_L2.audit from CIS SUSE Linux Enterprise 12 Benchmark