DISA SLES 15 STIG v1r9

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA SLES 15 STIG v1r9

Updated: 9/19/2023

Authority: DISA STIG

Plugin: Unix

Revision: 1.5

Estimated Item Count: 301

Audit Changelog

 
Revision 1.5

Sep 19, 2023

Functional Update
  • SLES-15-010300 - The sticky bit must be set on all SUSE operating system world-writable directories.
  • SLES-15-010340 - The SUSE operating system must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
  • SLES-15-010351 - The SUSE operating system library files must have mode 0755 or less permissive.
  • SLES-15-010352 - The SUSE operating system library directories must have mode 0755 or less permissive.
  • SLES-15-010353 - The SUSE operating system library files must be owned by root.
  • SLES-15-010354 - The SUSE operating system library directories must be owned by root.
  • SLES-15-010355 - The SUSE operating system library files must be group-owned by root.
  • SLES-15-010356 - The SUSE operating system library directories must be group-owned by root.
  • SLES-15-010357 - The SUSE operating system must have system commands set to a mode of 0755 or less permissive.
  • SLES-15-010358 - The SUSE operating system must have directories that contain system commands set to a mode of 0755 or less permissive.
  • SLES-15-010359 - The SUSE operating system must have system commands owned by root.
  • SLES-15-010360 - The SUSE operating system must have directories that contain system commands owned by root.
  • SLES-15-010361 - The SUSE operating system must have system commands group-owned by root or a system account.
  • SLES-15-010362 - The SUSE operating system must have directories that contain system commands group-owned by root.
  • SLES-15-040020 - There must be no .shosts files on the SUSE operating system.
  • SLES-15-040030 - There must be no shosts.equiv files on the SUSE operating system.
  • SLES-15-040130 - All SUSE operating system local initialization files must not execute world-writable programs.
  • SLES-15-040180 - All SUSE operating system world-writable directories must be group-owned by root, sys, bin, or an application group.
  • SLES-15-040220 - The SUSE operating system must be configured to not overwrite Pluggable Authentication Modules (PAM) configuration on package changes.
  • SLES-15-040400 - All SUSE operating system files and directories must have a valid owner.
  • SLES-15-040410 - All SUSE operating system files and directories must have a valid group owner.
Miscellaneous
  • Variables updated.
Revision 1.4

Aug 23, 2023

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.3

May 16, 2023

Miscellaneous
  • Metadata updated.
Revision 1.2

Apr 12, 2023

Functional Update
  • SLES-15-010260 - The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs).
  • SLES-15-020110 - All SUSE operating system local interactive user accounts, upon creation, must be assigned a home directory - CREATE_HOME
  • SLES-15-020190 - The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords - SHA_CRYPT_MIN_ROUNDS
  • SLES-15-020200 - The SUSE operating system must be configured to create or update passwords with a minimum lifetime of 24 hours (one day) - 1 day.
  • SLES-15-020220 - The SUSE operating system must be configured to create or update passwords with a maximum lifetime of 60 days.
  • SLES-15-040000 - The SUSE operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt - 4 seconds between logon prompts following a failed logon attempt.
  • SLES-15-040420 - The SUSE operating system default permissions must be defined in such a way that all authenticated users can only read and modify their own files.
Miscellaneous
  • Metadata updated.
  • Platform check updated.
  • Variables updated.
Revision 1.1

Mar 7, 2023

Miscellaneous
  • Metadata updated.
  • References updated.