Detections
Analytics

CIS SUSE Linux Enterprise 12 v3.1.0 L2 Workstation

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS SUSE Linux Enterprise 12 v3.1.0 L2 Workstation

Updated: 1/6/2025

Authority: CIS

Plugin: Unix

Revision: 1.12

Estimated Item Count: 39

Audit Items

DescriptionCategories
1.1.1.1 Ensure mounting of squashfs filesystems is disabled
1.1.1.3 Ensure mounting of FAT filesystems is limited
1.1.10 Ensure separate partition exists for /var
1.1.11 Ensure separate partition exists for /var/tmp
1.1.15 Ensure separate partition exists for /var/log
1.1.16 Ensure separate partition exists for /var/log/audit
1.1.17 Ensure separate partition exists for /home
1.1.23 Disable Automounting
1.7.1.4 Ensure all AppArmor Profiles are enforcing
2.2.3 Ensure Avahi Server is not installed
3.1.1 Disable IPv6
3.1.2 Ensure wireless interfaces are disabled
3.4.1 Ensure DCCP is disabled
3.4.2 Ensure SCTP is disabled
4.1.1.1 Ensure auditd is installed
4.1.1.2 Ensure auditd service is enabled and running
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
4.1.2.1 Ensure audit log storage size is configured
4.1.2.2 Ensure audit logs are not automatically deleted
4.1.2.3 Ensure system is disabled when audit logs are full
4.1.2.4 Ensure audit_backlog_limit is sufficient
4.1.3 Ensure events that modify date and time information are collected
4.1.4 Ensure events that modify user/group information are collected
4.1.5 Ensure events that modify the system's network environment are collected
4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected
4.1.7 Ensure login and logout events are collected
4.1.8 Ensure session initiation information is collected
4.1.9 Ensure discretionary access control permission modification events are collected
4.1.10 Ensure unsuccessful unauthorized file access attempts are collected
4.1.11 Ensure use of privileged commands is collected
4.1.12 Ensure successful file system mounts are collected
4.1.13 Ensure file deletion events by users are collected
4.1.14 Ensure changes to system administration scope (sudoers) is collected
4.1.15 Ensure system administrator actions (sudolog) are collected
4.1.16 Ensure kernel module loading and unloading is collected
4.1.17 Ensure the audit configuration is immutable
5.2.20 Ensure SSH AllowTcpForwarding is disabled
6.1.1 Audit system file permissions
CIS_SUSE_Linux_Enterprise_Workstation_12_v3.1.0_L2.audit from CIS SUSE Linux Enterprise 12 Benchmark