Detections
Analytics

CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.0

Updated: 9/8/2022

Authority: Operating Systems and Applications

Plugin: Unix

Revision: 1.13

Estimated Item Count: 131

File Details

Filename: CIS_SUSE_Linux_Enterprise_Workstation_11_v2.1.0_L2.audit

Size: 282 kB

MD5: c658240e11ca77fb73de8d006d6df6e4
SHA256: 39cc1abab8caa3a09672a738191a6191d74abebf7e83d3f365a427d4ad59eea3

Audit Items

DescriptionCategories
1.1.1.8 Ensure mounting of FAT filesystems is disabled - /etc/modprobe.d/*
1.1.1.8 Ensure mounting of FAT filesystems is disabled - lsmod
1.1.1.8 Ensure mounting of FAT filesystems is disabled - modprobe
1.1.2 Ensure separate partition exists for /tmp
1.1.6 Ensure separate partition exists for /var
1.1.7 Ensure separate partition exists for /var/tmp
1.1.11 Ensure separate partition exists for /var/log
1.1.12 Ensure separate partition exists for /var/log/audit
1.1.13 Ensure separate partition exists for /home
1.1.22 Disable Automounting
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - enforcing
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - selinux
1.6.1.2 Ensure the SELinux state is enforcing
1.6.1.3 Ensure SELinux policy is configured
1.6.1.4 Ensure SETroubleshoot is not installed
1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed
1.6.1.6 Ensure no unconfined daemons exist
1.6.2.1 Ensure AppArmor is not disabled in bootloader configuration
1.6.2.2 Ensure all AppArmor Profiles are enforcing - complain mode
1.6.2.2 Ensure all AppArmor Profiles are enforcing - processes unconfined
1.6.2.2 Ensure all AppArmor Profiles are enforcing - profiles loaded
1.6.3 Ensure SELinux or AppArmor are installed
2.2.4 Ensure CUPS is not enabled
3.7 Ensure wireless interfaces are disabled
4.1.1.1 Ensure audit log storage size is configured
4.1.1.2 Ensure system is disabled when audit logs are full - action_mail_acct
4.1.1.2 Ensure system is disabled when audit logs are full - admin_space_left_action
4.1.1.2 Ensure system is disabled when audit logs are full - space_left_action
4.1.1.3 Ensure audit logs are not automatically deleted
4.1.2 Ensure auditd service is enabled
4.1.3 Ensure auditing for processes that start prior to auditd is enabled
4.1.4 Ensure events that modify date and time information are collected - audit.rules b32 adjtimex
4.1.4 Ensure events that modify date and time information are collected - audit.rules b32 clock_settime
4.1.4 Ensure events that modify date and time information are collected - audit.rules b64 adjtimex
4.1.4 Ensure events that modify date and time information are collected - audit.rules b64 clock_settime
4.1.4 Ensure events that modify date and time information are collected - audit.rules time-change
4.1.4 Ensure events that modify date and time information are collected - auditctl b32 adjtimex
4.1.4 Ensure events that modify date and time information are collected - auditctl b32 clock_settime
4.1.4 Ensure events that modify date and time information are collected - auditctl b64 adjtimex
4.1.4 Ensure events that modify date and time information are collected - auditctl b64 clock_settime
4.1.4 Ensure events that modify date and time information are collected - auditctl time-change
4.1.5 Ensure events that modify user/group information are collected - /etc/group
4.1.5 Ensure events that modify user/group information are collected - /etc/gshadow
4.1.5 Ensure events that modify user/group information are collected - /etc/passwd
4.1.5 Ensure events that modify user/group information are collected - /etc/security/opasswd
4.1.5 Ensure events that modify user/group information are collected - /etc/shadow
4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/group
4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/gshadow
4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/passwd
4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/security/opasswd