CIS SUSE Linux Enterprise Workstation 12 L1 v3.1.0

Audit Details

Name: CIS SUSE Linux Enterprise Workstation 12 L1 v3.1.0

Updated: 9/26/2022

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 270

File Details

Filename: CIS_SUSE_Linux_Enterprise_Workstation_12_v3.1.0_L1.audit

Size: 761 kB

MD5: 265d7e5127c19d68f1060b46f2eba641
SHA256: def9d262f1e3c3ad47264537713b0809b5d41c4462912b260384466626855955

Audit Items

DescriptionCategories
1.1.1.2 Ensure mounting of udf filesystems is disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.2 Ensure /tmp is configured - config check

ACCESS CONTROL, MEDIA PROTECTION

1.1.2 Ensure /tmp is configured - mount

ACCESS CONTROL, MEDIA PROTECTION

1.1.3 Ensure noexec option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.4 Ensure nodev option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.5 Ensure nosuid option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.6 Ensure /dev/shm is configured - fstab

ACCESS CONTROL, MEDIA PROTECTION

1.1.6 Ensure /dev/shm is configured - mount

ACCESS CONTROL, MEDIA PROTECTION

1.1.7 Ensure noexec option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.8 Ensure nodev option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.9 Ensure nosuid option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.12 Ensure noexec option set on /var/tmp partition

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.13 Ensure nodev option set on /var/tmp partition

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.14 Ensure nosuid option set on /var/tmp partition

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.18 Ensure nodev option set on /home partition

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.19 Ensure noexec option set on removable media partitions

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.20 Ensure nodev option set on removable media partitions

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.21 Ensure nosuid option set on removable media partitions

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.22 Ensure sticky bit is set on all world-writable directories

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION

1.2.1 Ensure GPG keys are configured

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.2 Ensure package manager repositories are configured

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.3 Ensure gpgcheck is globally activated

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.3.1 Ensure sudo is installed

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.3.2 Ensure sudo commands use pty

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.3.3 Ensure sudo log file exists

AUDIT AND ACCOUNTABILITY

1.4.1 Ensure AIDE is installed

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.4.2 Ensure filesystem integrity is regularly checked - aidecheck.service

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.4.2 Ensure filesystem integrity is regularly checked - aidecheck.timer

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.4.2 Ensure filesystem integrity is regularly checked - cron

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.5.1 Ensure bootloader password is set - password_pbkdf2

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.1 Ensure bootloader password is set - superusers

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.2 Ensure permissions on bootloader config are configured

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.3 Ensure authentication required for single user mode - emergency

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.3 Ensure authentication required for single user mode - rescue

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restricted - /sbin/sysctl fs.suid_dumpable

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restricted - hard core 0

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restricted - sysctl.conf fs.suid_dumpable

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restricted - systemd-coredump ProcessSizeMax

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1 Ensure core dumps are restricted - systemd-coredump Storage

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.2 Ensure XD/NX support is enabled

SYSTEM AND INFORMATION INTEGRITY

1.6.3 Ensure address space layout randomization (ASLR) is enabled - sysctl

SYSTEM AND INFORMATION INTEGRITY

1.6.3 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf

SYSTEM AND INFORMATION INTEGRITY

1.6.4 Ensure prelink is disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.7.1.1 Ensure AppArmor is installed - apparmor-docs

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.1 Ensure AppArmor is installed - apparmor-parser

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.1 Ensure AppArmor is installed - apparmor-profiles

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.1 Ensure AppArmor is installed - apparmor-utils

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.1 Ensure AppArmor is installed - libapparmor1

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.2 Ensure AppArmor is enabled in the bootloader configuration - apparmor=1

ACCESS CONTROL, MEDIA PROTECTION

1.7.1.2 Ensure AppArmor is enabled in the bootloader configuration - security=apparmor

ACCESS CONTROL, MEDIA PROTECTION