Detections
Analytics

DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r2

Updated: 3/23/2026

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 211

File Details

Filename: DISA_STIG_SUSE_Linux_Enterprise_Micro_SLEM_5_v1r2.audit

Size: 410 kB

MD5: 782ac0bbaa3cf9e7613e795dbfc42844
SHA256: e936220b82285f8cf7faad467c22c1a09b85261e53d8a8c6e1af5355e6e8fafd

Audit Items

DescriptionCategories
DISA_STIG_SUSE_Linux_Enterprise_Micro_SLEM_5_v1r2.audit from DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r2
SLEM-05-211010 - SLEM 5 must be a vendor-supported release.
SLEM-05-211015 - SLEM 5 must implement an endpoint security tool.
SLEM-05-211020 - SLEM 5 must display the Standard Mandatory DOD Notice and Consent Banner before granting any local or remote connection to the system.
SLEM-05-211025 - SLEM 5 must disable the x86 Ctrl-Alt-Delete key sequence.
SLEM-05-212010 - SLEM 5 with a basic input/output system (BIOS) must require authentication upon booting into single-user and maintenance modes.
SLEM-05-212015 - SLEM 5 with Unified Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance.
SLEM-05-213010 - SLEM 5 must restrict access to the kernel message buffer.
SLEM-05-213015 - SLEM 5 kernel core dumps must be disabled unless needed.
SLEM-05-213020 - Address space layout randomization (ASLR) must be implemented by SLEM 5 to protect memory from unauthorized code execution.
SLEM-05-213025 - SLEM 5 must implement kptr-restrict to prevent the leaking of internal kernel addresses.
SLEM-05-214010 - Vendor-packaged SLEM 5 security patches and updates must be installed and up to date.
SLEM-05-214015 - The SLEM 5 tool zypper must have gpgcheck enabled.
SLEM-05-214020 - SLEM 5 must remove all outdated software components after updated versions have been installed.
SLEM-05-215010 - SLEM 5 must use vlock to allow for session locking.
SLEM-05-215015 - SLEM 5 must not have the telnet-server package installed.
SLEM-05-231010 - A separate file system must be used for SLEM 5 user home directories (such as /home or an equivalent).
SLEM-05-231015 - SLEM 5 must use a separate file system for /var.
SLEM-05-231020 - SLEM 5 must use a separate file system for the system audit data path.
SLEM-05-231025 - SLEM 5 file systems that are being imported via Network File System (NFS) must be mounted to prevent files with the setuid and setgid bit set from being executed.
SLEM-05-231030 - SLEM 5 file systems that are being imported via Network File System (NFS) must be mounted to prevent binary files from being executed.
SLEM-05-231035 - SLEM 5 file systems that are used with removable media must be mounted to prevent files with the setuid and setgid bit set from being executed.
SLEM-05-231040 - All SLEM 5 persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.
SLEM-05-231045 - SLEM 5 file systems that contain user home directories must be mounted to prevent files with the setuid and setgid bit set from being executed.
SLEM-05-231050 - SLEM 5 must disable the file system automounter unless required.
SLEM-05-232010 - SLEM 5 must have directories that contain system commands set to a mode of 755 or less permissive.
SLEM-05-232015 - SLEM 5 must have system commands set to a mode of 755 or less permissive.
SLEM-05-232020 - SLEM 5 library directories must have mode 755 or less permissive.
SLEM-05-232025 - SLEM 5 library files must have mode 755 or less permissive.
SLEM-05-232030 - All SLEM 5 local interactive user home directories must have mode 750 or less permissive.
SLEM-05-232035 - All SLEM 5 local initialization files must have mode 740 or less permissive.
SLEM-05-232040 - SLEM 5 SSH daemon public host key files must have mode 644 or less permissive.
SLEM-05-232045 - SLEM 5 SSH daemon private host key files must have mode 640 or less permissive.
SLEM-05-232050 - SLEM 5 library files must be owned by root.
SLEM-05-232055 - SLEM 5 library files must be group-owned by root.
SLEM-05-232060 - SLEM 5 library directories must be owned by root.
SLEM-05-232065 - SLEM 5 library directories must be group-owned by root.
SLEM-05-232070 - SLEM 5 must have system commands owned by root.
SLEM-05-232075 - SLEM 5 must have system commands group-owned by root or a system account.
SLEM-05-232080 - SLEM 5 must have directories that contain system commands owned by root.
SLEM-05-232085 - SLEM 5 must have directories that contain system commands group-owned by root.
SLEM-05-232090 - All SLEM 5 files and directories must have a valid owner.
SLEM-05-232095 - All SLEM 5 files and directories must have a valid group owner.
SLEM-05-232100 - All SLEM 5 local interactive user home directories must be group-owned by the home directory owner's primary group.
SLEM-05-232105 - All SLEM 5 world-writable directories must be group-owned by root, sys, bin, or an application group.
SLEM-05-232110 - The sticky bit must be set on all SLEM 5 world-writable directories.
SLEM-05-232115 - SLEM 5 must prevent unauthorized users from accessing system error messages.
SLEM-05-232120 - SLEM 5 must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
SLEM-05-251010 - SLEM 5 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.
SLEM-05-252010 - SLEM 5 clock must, for networked systems, be synchronized to an authoritative DOD time source at least every 24 hours.