Detections
Analytics

CIS SUSE Linux Enterprise 12 v3.1.0 L1 Workstation

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS SUSE Linux Enterprise 12 v3.1.0 L1 Workstation

Updated: 1/6/2025

Authority: CIS

Plugin: Unix

Revision: 1.27

Estimated Item Count: 175

File Details

Filename: CIS_SUSE_Linux_Enterprise_Workstation_12_v3.1.0_L1.audit

Size: 404 kB

MD5: e5891e14afdd67a1f574f28370ef766c
SHA256: f9ee9fe3dcf88c68bd586d59b7aca9f60d770acc5760950605ff3b4dd567c0db

Audit Items

DescriptionCategories
1.1.1.2 Ensure mounting of udf filesystems is disabled
1.1.2 Ensure /tmp is configured
1.1.3 Ensure noexec option set on /tmp partition
1.1.4 Ensure nodev option set on /tmp partition
1.1.5 Ensure nosuid option set on /tmp partition
1.1.6 Ensure /dev/shm is configured
1.1.7 Ensure noexec option set on /dev/shm partition
1.1.8 Ensure nodev option set on /dev/shm partition
1.1.9 Ensure nosuid option set on /dev/shm partition
1.1.12 Ensure noexec option set on /var/tmp partition
1.1.13 Ensure nodev option set on /var/tmp partition
1.1.14 Ensure nosuid option set on /var/tmp partition
1.1.18 Ensure nodev option set on /home partition
1.1.19 Ensure noexec option set on removable media partitions
1.1.20 Ensure nodev option set on removable media partitions
1.1.21 Ensure nosuid option set on removable media partitions
1.1.22 Ensure sticky bit is set on all world-writable directories
1.2.1 Ensure GPG keys are configured
1.2.2 Ensure package manager repositories are configured
1.2.3 Ensure gpgcheck is globally activated
1.3.1 Ensure sudo is installed
1.3.2 Ensure sudo commands use pty
1.3.3 Ensure sudo log file exists
1.4.1 Ensure AIDE is installed
1.4.2 Ensure filesystem integrity is regularly checked
1.5.1 Ensure bootloader password is set
1.5.2 Ensure permissions on bootloader config are configured
1.5.3 Ensure authentication required for single user mode
1.6.1 Ensure core dumps are restricted
1.6.2 Ensure XD/NX support is enabled
1.6.3 Ensure address space layout randomization (ASLR) is enabled
1.6.4 Ensure prelink is disabled
1.7.1.1 Ensure AppArmor is installed
1.7.1.2 Ensure AppArmor is enabled in the bootloader configuration
1.7.1.3 Ensure all AppArmor Profiles are in enforce or complain mode
1.8.1.1 Ensure message of the day is configured properly
1.8.1.2 Ensure local login warning banner is configured properly
1.8.1.3 Ensure remote login warning banner is configured properly
1.8.1.4 Ensure permissions on /etc/motd are configured
1.8.1.5 Ensure permissions on /etc/issue are configured
1.8.1.6 Ensure permissions on /etc/issue.net are configured
1.9 Ensure updates, patches, and additional security software are installed
1.10 Ensure GDM is removed or login is configured
2.1.1 Ensure xinetd is not installed
2.2.1.1 Ensure time synchronization is in use
2.2.1.2 Ensure systemd-timesyncd is configured
2.2.1.3 Ensure chrony is configured
2.2.1.4 Ensure ntp is configured
2.2.5 Ensure DHCP Server is not installed
2.2.6 Ensure LDAP server is not installed