DISA SLES 12 STIG v2r7

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA SLES 12 STIG v2r7

Updated: 4/12/2023

Authority: Operating Systems and Applications

Plugin: Unix

Revision: 1.4

Estimated Item Count: 281

Audit Items

DescriptionCategories
DISA_STIG_SLES_12_v2r7.audit from DISA SLES 12 v2r7 STIG
SLES-12-010000 - The SUSE operating system must be a vendor-supported release.
SLES-12-010010 - Vendor-packaged SUSE operating system security patches and updates must be installed and up to date.
SLES-12-010020 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface - filename
SLES-12-010020 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface - text-info
SLES-12-010020 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface - title
SLES-12-010030 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access via local console.
SLES-12-010040 - The SUSE operating system must display a banner before granting local or remote access to the system via a graphical user logon - banner-message-enable
SLES-12-010040 - The SUSE operating system must display a banner before granting local or remote access to the system via a graphical user logon - file-db
SLES-12-010040 - The SUSE operating system must display a banner before granting local or remote access to the system via a graphical user logon - system-db
SLES-12-010040 - The SUSE operating system must display a banner before granting local or remote access to the system via a graphical user logon - user-db
SLES-12-010050 - The SUSE operating system must display the approved Standard Mandatory DoD Notice before granting local or remote access to the system via a graphical user logon.
SLES-12-010060 - The SUSE operating system must be able to lock the graphical user interface (GUI).
SLES-12-010070 - The SUSE operating system must utilize vlock to allow for session locking.
SLES-12-010080 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity for the graphical user interface - GUI.
SLES-12-010090 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity - export
SLES-12-010090 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity - readonly
SLES-12-010090 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity - TMOUT
SLES-12-010100 - The SUSE operating system must conceal, via the session lock, information previously visible on the display with a publicly viewable image in the graphical user interface - GUI.
SLES-12-010109 - The SUSE operating system must specify the default 'include' directory for the /etc/sudoers file - /etc/sudoers
SLES-12-010109 - The SUSE operating system must specify the default 'include' directory for the /etc/sudoers file - /etc/sudoers.d/*
SLES-12-010110 - The SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges - !authenticate
SLES-12-010110 - The SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges - NOPASSWD
SLES-12-010111 - The SUSE operating system must restrict privilege elevation to authorized personnel - /etc/sudoers
SLES-12-010111 - The SUSE operating system must restrict privilege elevation to authorized personnel - /etc/sudoers.d/*
SLES-12-010112 - The SUSE operating system must use the invoking user's password for privilege escalation when using 'sudo' - rootpw
SLES-12-010112 - The SUSE operating system must use the invoking user's password for privilege escalation when using 'sudo' - runaspw
SLES-12-010112 - The SUSE operating system must use the invoking user's password for privilege escalation when using 'sudo' - targetpw
SLES-12-010113 - The SUSE operating system must require re-authentication when using the 'sudo' command - sudo command.
SLES-12-010114 - The SUSE operating system must not be configured to bypass password requirements for privilege escalation.
SLES-12-010120 - The SUSE operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types.
SLES-12-010130 - The SUSE operating system must lock an account after three consecutive invalid access attempts - common-account
SLES-12-010130 - The SUSE operating system must lock an account after three consecutive invalid access attempts - common-auth
SLES-12-010140 - The SUSE operating system must enforce a delay of at least four (4) seconds between logon prompts following a failed logon attempt.
SLES-12-010150 - The SUSE operating system must enforce passwords that contain at least one upper-case character.
SLES-12-010160 - The SUSE operating system must enforce passwords that contain at least one lower-case character.
SLES-12-010170 - The SUSE operating system must enforce passwords that contain at least one numeric character.
SLES-12-010180 - The SUSE operating system must enforce passwords that contain at least one special character.
SLES-12-010190 - The SUSE operating system must require the change of at least eight (8) of the total number of characters when passwords are changed.
SLES-12-010210 - The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs).
SLES-12-010220 - The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords.
SLES-12-010221 - The SUSE operating system must not have accounts configured with blank or null passwords.
SLES-12-010230 - The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords - nullok
SLES-12-010230 - The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords - sha512
SLES-12-010231 - The SUSE operating system must not be configured to allow blank or null passwords.
SLES-12-010240 - The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords - SHA_CRYPT_MIN_ROUNDS
SLES-12-010250 - The SUSE operating system must employ passwords with a minimum of 15 characters.
SLES-12-010260 - The SUSE operating system must be configured to create or update passwords with a minimum lifetime of 24 hours (one day) - 1 day.
SLES-12-010270 - The SUSE operating system must employ user passwords with a minimum lifetime of 24 hours (one day) - 1 day.
SLES-12-010280 - The SUSE operating system must be configured to create or update passwords with a maximum lifetime of 60 days.