Detections
Analytics

CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.0

Updated: 9/8/2022

Authority: CIS

Plugin: Unix

Revision: 1.26

Estimated Item Count: 271

File Details

Filename: CIS_SUSE_Linux_Enterprise_Workstation_11_v2.1.0_L1.audit

Size: 351 kB

MD5: e6ff254a0336a24177dbcf06b45efd16
SHA256: cc8768e22290d6efb7ce44c3bde671db900711c65ac129c6b000cbed2a88fccd

Audit Items

DescriptionCategories
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - /etc/modprobe.d/*
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - /etc/modprobe.d/*
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmod
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobe
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - /etc/modprobe.d/*
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - lsmod
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobe
1.1.1.4 Ensure mounting of hfs filesystems is disabled - /etc/modprobe.d/*
1.1.1.4 Ensure mounting of hfs filesystems is disabled - lsmod
1.1.1.4 Ensure mounting of hfs filesystems is disabled - modprobe
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - /etc/modprobe.d/*
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmod
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobe
1.1.1.6 Ensure mounting of squashfs filesystems is disabled - /etc/modprobe.d/*
1.1.1.6 Ensure mounting of squashfs filesystems is disabled - lsmod
1.1.1.6 Ensure mounting of squashfs filesystems is disabled - modprobe
1.1.1.7 Ensure mounting of udf filesystems is disabled - /etc/modprobe.d/*
1.1.1.7 Ensure mounting of udf filesystems is disabled - lsmod
1.1.1.7 Ensure mounting of udf filesystems is disabled - modprobe
1.1.3 Ensure nodev option set on /tmp partition
1.1.4 Ensure nosuid option set on /tmp partition
1.1.5 Ensure noexec option set on /tmp partition
1.1.8 Ensure nodev option set on /var/tmp partition
1.1.9 Ensure nosuid option set on /var/tmp partition
1.1.10 Ensure noexec option set on /var/tmp partition
1.1.14 Ensure nodev option set on /home partition
1.1.15 Ensure nodev option set on /dev/shm partition
1.1.16 Ensure nosuid option set on /dev/shm partition
1.1.17 Ensure noexec option set on /dev/shm partition
1.1.18 Ensure nodev option set on removable media partitions
1.1.19 Ensure nosuid option set on removable media partitions
1.1.20 Ensure noexec option set on removable media partitions
1.1.21 Ensure sticky bit is set on all world-writable directories
1.2.1 Ensure package manager repositories are configured
1.2.2 Ensure GPG keys are configured
1.3.1 Ensure AIDE is installed
1.3.2 Ensure filesystem integrity is regularly checked
1.4.1 Ensure permissions on bootloader config are configured
1.4.2 Ensure bootloader password is set - password_pbkdf2
1.4.2 Ensure bootloader password is set - superusers
1.4.3 Ensure authentication required for single user mode
1.5.1 Ensure core dumps are restricted - /etc/sysctl
1.5.1 Ensure core dumps are restricted - fs.suid_dumpable
1.5.1 Ensure core dumps are restricted - hard core 0
1.5.2 Ensure XD/NX support is enabled
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl
1.5.4 Ensure prelink is disabled