CIS SUSE Linux Enterprise Workstation 12 L1 v3.1.0

Audit Details

Name: CIS SUSE Linux Enterprise Workstation 12 L1 v3.1.0

Updated: 1/9/2024

Authority: CIS

Plugin: Unix

Revision: 1.20

Estimated Item Count: 269

File Details

Filename: CIS_SUSE_Linux_Enterprise_Workstation_12_v3.1.0_L1.audit

Size: 818 kB

MD5: 8634716598290f05e7178fd4b595f368
SHA256: f47baf1d4ede3348306a02c6ad7d9d29238d1ebd133c6aa86d0e4d2baa4f3f4e

Audit Items

DescriptionCategories
1.1.1.2 Ensure mounting of udf filesystems is disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.2 Ensure /tmp is configured - config check

ACCESS CONTROL, MEDIA PROTECTION

1.1.2 Ensure /tmp is configured - mount

ACCESS CONTROL, MEDIA PROTECTION

1.1.3 Ensure noexec option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.4 Ensure nodev option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.5 Ensure nosuid option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.6 Ensure /dev/shm is configured - fstab

ACCESS CONTROL, MEDIA PROTECTION

1.1.6 Ensure /dev/shm is configured - mount

ACCESS CONTROL, MEDIA PROTECTION

1.1.7 Ensure noexec option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.8 Ensure nodev option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.9 Ensure nosuid option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.12 Ensure noexec option set on /var/tmp partition

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.13 Ensure nodev option set on /var/tmp partition

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.14 Ensure nosuid option set on /var/tmp partition

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.18 Ensure nodev option set on /home partition

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.19 Ensure noexec option set on removable media partitions

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.20 Ensure nodev option set on removable media partitions

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.21 Ensure nosuid option set on removable media partitions

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.22 Ensure sticky bit is set on all world-writable directories

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION

1.2.1 Ensure GPG keys are configured

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.2 Ensure package manager repositories are configured

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.3 Ensure gpgcheck is globally activated

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.3.1 Ensure sudo is installed

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.3.2 Ensure sudo commands use pty

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.3.3 Ensure sudo log file exists

AUDIT AND ACCOUNTABILITY

1.4.1 Ensure AIDE is installed

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.4.2 Ensure filesystem integrity is regularly checked - aidecheck.service

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.4.2 Ensure filesystem integrity is regularly checked - aidecheck.timer

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.4.2 Ensure filesystem integrity is regularly checked - cron

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.5.1 Ensure bootloader password is set - password_pbkdf2

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.1 Ensure bootloader password is set - superusers

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.2 Ensure permissions on bootloader config are configured

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.3 Ensure authentication required for single user mode - emergency

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.3 Ensure authentication required for single user mode - rescue

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restricted - /sbin/sysctl fs.suid_dumpable

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restricted - hard core 0

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restricted - sysctl.conf fs.suid_dumpable

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restricted - systemd-coredump ProcessSizeMax

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restricted - systemd-coredump Storage

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.2 Ensure XD/NX support is enabled

SYSTEM AND INFORMATION INTEGRITY

1.6.3 Ensure address space layout randomization (ASLR) is enabled - sysctl

SYSTEM AND INFORMATION INTEGRITY

1.6.3 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf

SYSTEM AND INFORMATION INTEGRITY

1.6.4 Ensure prelink is disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.7.1.1 Ensure AppArmor is installed - apparmor-docs

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.1 Ensure AppArmor is installed - apparmor-parser

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.1 Ensure AppArmor is installed - apparmor-profiles

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.1 Ensure AppArmor is installed - apparmor-utils

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.1 Ensure AppArmor is installed - libapparmor1

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.2 Ensure AppArmor is enabled in the bootloader configuration - apparmor=1

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.2 Ensure AppArmor is enabled in the bootloader configuration - security=apparmor

ACCESS CONTROL, MEDIA PROTECTION