Detections
Analytics

CIS SUSE Linux Enterprise Workstation 12 L2 v3.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS SUSE Linux Enterprise Workstation 12 L2 v3.0.0

Updated: 8/23/2022

Authority: CIS

Plugin: Unix

Revision: 1.5

Estimated Item Count: 128

File Details

Filename: CIS_SUSE_Linux_Enterprise_Workstation_12_v3.0.0_L2.audit

Size: 353 kB

MD5: 35fae45a3a307365fb6d0641b39360f7
SHA256: 922a038a25ec5d43fbea29cd9113ace928ad9b14280aca5906fc9adc616c055e

Audit Items

DescriptionCategories
1.1.1.1 Ensure mounting of squashfs filesystems is disabled
1.1.10 Ensure separate partition exists for /var
1.1.11 Ensure separate partition exists for /var/tmp
1.1.15 Ensure separate partition exists for /var/log
1.1.16 Ensure separate partition exists for /var/log/audit
1.1.17 Ensure separate partition exists for /home
1.1.23 Disable Automounting
1.6.1.4 Ensure all AppArmor Profiles are enforcing
1.6.1.4 Ensure all AppArmor Profiles are enforcing - profiles complain
1.6.1.4 Ensure all AppArmor Profiles are enforcing - profiles loaded
2.2.3 Ensure Avahi Server is not installed - avahi
2.2.3 Ensure Avahi Server is not installed - avahi-autoipd
3.1.1 Disable IPv6 - grub.cfg
3.1.1 Disable IPv6 - sysctl all disable_ipv6
3.1.1 Disable IPv6 - sysctl default disable_ipv6
3.1.1 Disable IPv6 - sysctl.conf all disable_ipv6
3.1.1 Disable IPv6 - sysctl.conf default disable_ipv6
3.4.1 Ensure DCCP is disabled - lsmod
3.4.1 Ensure DCCP is disabled - modprobe
3.4.2 Ensure SCTP is disabled - lsmod
3.4.2 Ensure SCTP is disabled - modprobe
4.1.1.1 Ensure auditd is installed
4.1.1.2 Ensure auditd service is enabled and running - enabled
4.1.1.2 Ensure auditd service is enabled and running - running
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
4.1.2.1 Ensure audit log storage size is configured
4.1.2.2 Ensure audit logs are not automatically deleted
4.1.2.3 Ensure system is disabled when audit logs are full - action_mail_acct
4.1.2.3 Ensure system is disabled when audit logs are full - admin_space_left_action
4.1.2.3 Ensure system is disabled when audit logs are full - space_left_action
4.1.2.4 Ensure audit_backlog_limit is sufficient
4.1.3 Ensure events that modify date and time information are collected - auditctl b32 /etc/localtime
4.1.3 Ensure events that modify date and time information are collected - auditctl b32 adjtimex
4.1.3 Ensure events that modify date and time information are collected - auditctl b32 clock_settime
4.1.3 Ensure events that modify date and time information are collected - auditctl b64 adjtimex
4.1.3 Ensure events that modify date and time information are collected - auditctl b64 clock_settime
4.1.3 Ensure events that modify date and time information are collected - b32 /etc/localtime
4.1.3 Ensure events that modify date and time information are collected - b32 adjtimex
4.1.3 Ensure events that modify date and time information are collected - b32 clock_settime
4.1.3 Ensure events that modify date and time information are collected - b64 adjtimex
4.1.3 Ensure events that modify date and time information are collected - b64 clock_settime
4.1.4 Ensure events that modify user/group information are collected - /etc/group
4.1.4 Ensure events that modify user/group information are collected - /etc/gshadow
4.1.4 Ensure events that modify user/group information are collected - /etc/passwd
4.1.4 Ensure events that modify user/group information are collected - /etc/security/opasswd
4.1.4 Ensure events that modify user/group information are collected - /etc/shadow
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/group
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/gshadow
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/passwd
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/security/opasswd