DISA_STIG_SLES_15_v1r6.audit from DISA SUSE Linux Enterprise Server 15 v1r6 STIG

SLES-15-010000 - The SUSE operating system must be a vendor-supported release.

CAT|I

CCI|CCI-001230

Rule-ID|SV-234800r622137_rule

STIG-ID|SLES-15-010000

Vuln-ID|V-234800

SLES-15-010001 - The SUSE operating system must implement the Endpoint Security for Linux Threat Prevention tool - installed

CAT|II

CCI|CCI-001233

Rule-ID|SV-234801r754757_rule

STIG-ID|SLES-15-010001

Vuln-ID|V-234801

SLES-15-010001 - The SUSE operating system must implement the Endpoint Security for Linux Threat Prevention tool - running

SLES-15-010010 - Vendor-packaged SUSE operating system security patches and updates must be installed and up to date.

CCI|CCI-001227

Rule-ID|SV-234802r622137_rule

STIG-ID|SLES-15-010010

Vuln-ID|V-234802

SLES-15-010020 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access via local console.

CCI|CCI-000048

Rule-ID|SV-234803r622137_rule

STIG-ID|SLES-15-010020

Vuln-ID|V-234803

SLES-15-010030 - The SUSE operating system must not have the vsftpd package installed if not required for operational support.

CCI|CCI-000197

CCI|CCI-000381

Rule-ID|SV-234804r622137_rule

STIG-ID|SLES-15-010030

Vuln-ID|V-234804

SLES-15-010040 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access via SSH - issue

CCI|CCI-001384

CCI|CCI-001385

CCI|CCI-001386

CCI|CCI-001387

CCI|CCI-001388

Rule-ID|SV-234805r622137_rule

STIG-ID|SLES-15-010040

Vuln-ID|V-234805

SLES-15-010040 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access via SSH - sshd_config

SLES-15-010050 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface (GUI) - filename

CCI|CCI-000050

Rule-ID|SV-234806r622137_rule

STIG-ID|SLES-15-010050

Vuln-ID|V-234806

SLES-15-010050 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface (GUI) - text-info

SLES-15-010050 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface (GUI) - title

SLES-15-010060 - The SUSE operating system file /etc/gdm/banner must contain the Standard Mandatory DoD Notice and Consent banner text.

Rule-ID|SV-234807r622137_rule

STIG-ID|SLES-15-010060

Vuln-ID|V-234807

SLES-15-010080 - The SUSE operating system must display a banner before granting local or remote access to the system via a graphical user logon.

Rule-ID|SV-234808r622137_rule

STIG-ID|SLES-15-010080

Vuln-ID|V-234808

SLES-15-010090 - The SUSE operating system must display the approved Standard Mandatory DoD Notice before granting local or remote access to the system via a graphical user logon.

Rule-ID|SV-234809r622137_rule

STIG-ID|SLES-15-010090

Vuln-ID|V-234809

SLES-15-010100 - The SUSE operating system must be able to lock the graphical user interface (GUI).

CCI|CCI-000056

CCI|CCI-000058

CCI|CCI-000060

Rule-ID|SV-234810r622137_rule

STIG-ID|SLES-15-010100

Vuln-ID|V-234810

SLES-15-010110 - The SUSE operating system must utilize vlock to allow for session locking.

CAT|III

Rule-ID|SV-234811r622137_rule

STIG-ID|SLES-15-010110

Vuln-ID|V-234811

SLES-15-010120 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity for the graphical user interface (GUI) - GUI.

CCI|CCI-000057

Rule-ID|SV-234812r622137_rule

STIG-ID|SLES-15-010120

Vuln-ID|V-234812

SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity - export

Rule-ID|SV-234813r622137_rule

STIG-ID|SLES-15-010130

Vuln-ID|V-234813

SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity - readonly

SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity - TMOUT

SLES-15-010140 - The SUSE operating system must conceal, via the session lock, information previously visible on the display with a publicly viewable image in the graphical user interface (GUI) - GUI.

Rule-ID|SV-234814r622137_rule

STIG-ID|SLES-15-010140

Vuln-ID|V-234814

SLES-15-010150 - The SUSE operating system must log SSH connection attempts and failures to the server - LogLevel

CCI|CCI-000067

Rule-ID|SV-234815r622137_rule

STIG-ID|SLES-15-010150

Vuln-ID|V-234815

SLES-15-010160 - The SUSE operating system must implement DoD-approved encryption to protect the confidentiality of SSH remote connections.

CCI|CCI-000068

Rule-ID|SV-234816r744125_rule

STIG-ID|SLES-15-010160

Vuln-ID|V-234816

SLES-15-010170 - The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.

CCI|CCI-000185

CCI|CCI-001991

Rule-ID|SV-234817r622137_rule

STIG-ID|SLES-15-010170

Vuln-ID|V-234817

SLES-15-010180 - The SUSE operating system must not have the telnet-server package installed.

Rule-ID|SV-234818r622137_rule

STIG-ID|SLES-15-010180

Vuln-ID|V-234818

SLES-15-010190 - SUSE operating systems with a basic input/output system (BIOS) must require authentication upon booting into single-user and maintenance modes.

CCI|CCI-000213

Rule-ID|SV-234819r622137_rule

STIG-ID|SLES-15-010190

Vuln-ID|V-234819

SLES-15-010200 - SUSE operating systems with Unified Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance.

Rule-ID|SV-234820r622137_rule

STIG-ID|SLES-15-010200

Vuln-ID|V-234820

SLES-15-010220 - The SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments - active

CCI|CCI-000382

CCI|CCI-002314

Rule-ID|SV-234821r622137_rule

STIG-ID|SLES-15-010220

Vuln-ID|V-234821

SLES-15-010220 - The SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments - enabled

SLES-15-010220 - The SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments - rules

SLES-15-010230 - The SUSE operating system must not have duplicate User IDs (UIDs) for interactive users.

CCI|CCI-000764

CCI|CCI-000804

Rule-ID|SV-234822r622137_rule

STIG-ID|SLES-15-010230

Vuln-ID|V-234822

SLES-15-010240 - The SUSE operating system must disable the file system automounter unless required.

CCI|CCI-000778

CCI|CCI-001958

Rule-ID|SV-234823r622137_rule

STIG-ID|SLES-15-010240

Vuln-ID|V-234823

SLES-15-010260 - The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs).

CCI|CCI-000803

Rule-ID|SV-234825r622137_rule

STIG-ID|SLES-15-010260

Vuln-ID|V-234825

SLES-15-010270 - The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.

CCI|CCI-000877

CCI|CCI-001453

CCI|CCI-003123

Rule-ID|SV-234826r744126_rule

STIG-ID|SLES-15-010270

Vuln-ID|V-234826

SLES-15-010280 - The SUSE operating system SSH daemon must be configured with a timeout interval.

CCI|CCI-000879

CCI|CCI-001133

CCI|CCI-002361

Rule-ID|SV-234827r622137_rule

STIG-ID|SLES-15-010280

Vuln-ID|V-234827

SLES-15-010300 - The sticky bit must be set on all SUSE operating system world-writable directories.

CCI|CCI-001090

Rule-ID|SV-234828r622137_rule

STIG-ID|SLES-15-010300

Vuln-ID|V-234828

SLES-15-010310 - The SUSE operating system must be configured to use TCP syncookies.

CCI|CCI-001095

Rule-ID|SV-234829r622137_rule

STIG-ID|SLES-15-010310

Vuln-ID|V-234829

SLES-15-010320 - The SUSE operating system for all network connections associated with SSH traffic must immediately terminate at the end of the session or after 10 minutes of inactivity.

Rule-ID|SV-234830r622137_rule

STIG-ID|SLES-15-010320

Vuln-ID|V-234830

SLES-15-010330 - All SUSE operating system persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.

CCI|CCI-001199

CCI|CCI-002475

Rule-ID|SV-234831r622137_rule

STIG-ID|SLES-15-010330

Vuln-ID|V-234831

SLES-15-010340 - The SUSE operating system must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

CCI|CCI-001312

Rule-ID|SV-234832r622137_rule

STIG-ID|SLES-15-010340

Vuln-ID|V-234832

SLES-15-010350 - The SUSE operating system must prevent unauthorized users from accessing system error messages - permissions

CCI|CCI-001314

Rule-ID|SV-234833r622137_rule

STIG-ID|SLES-15-010350

Vuln-ID|V-234833

SLES-15-010350 - The SUSE operating system must prevent unauthorized users from accessing system error messages - permissions.local

SLES-15-010351 - The SUSE operating system library files must have mode 0755 or less permissive.

CCI|CCI-001499

Rule-ID|SV-234834r622137_rule

STIG-ID|SLES-15-010351

Vuln-ID|V-234834

SLES-15-010352 - The SUSE operating system library directories must have mode 0755 or less permissive.

Rule-ID|SV-234835r622137_rule

STIG-ID|SLES-15-010352

Vuln-ID|V-234835

SLES-15-010353 - The SUSE operating system library files must be owned by root.

Rule-ID|SV-234836r622137_rule

STIG-ID|SLES-15-010353

Vuln-ID|V-234836

SLES-15-010354 - The SUSE operating system library directories must be owned by root.

Detections

Analytics

Revision 1.1

Jul 27, 2022

Functional Update