| DISA_STIG_SUSE_Linux_Enterprise_Micro_SLEM_5_v1r2.audit from DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r2 | |
| SLEM-05-211010 - SLEM 5 must be a vendor-supported release. | CONFIGURATION MANAGEMENT |
| SLEM-05-211015 - SLEM 5 must implement an endpoint security tool. | SYSTEM AND INFORMATION INTEGRITY |
| SLEM-05-211020 - SLEM 5 must display the Standard Mandatory DOD Notice and Consent Banner before granting any local or remote connection to the system. | ACCESS CONTROL |
| SLEM-05-211025 - SLEM 5 must disable the x86 Ctrl-Alt-Delete key sequence. | CONFIGURATION MANAGEMENT |
| SLEM-05-212010 - SLEM 5 with a basic input/output system (BIOS) must require authentication upon booting into single-user and maintenance modes. | ACCESS CONTROL |
| SLEM-05-212015 - SLEM 5 with Unified Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance. | ACCESS CONTROL |
| SLEM-05-213010 - SLEM 5 must restrict access to the kernel message buffer. | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLEM-05-213015 - SLEM 5 kernel core dumps must be disabled unless needed. | CONFIGURATION MANAGEMENT |
| SLEM-05-213020 - Address space layout randomization (ASLR) must be implemented by SLEM 5 to protect memory from unauthorized code execution. | SYSTEM AND INFORMATION INTEGRITY |
| SLEM-05-213025 - SLEM 5 must implement kptr-restrict to prevent the leaking of internal kernel addresses. | SYSTEM AND INFORMATION INTEGRITY |
| SLEM-05-214010 - Vendor-packaged SLEM 5 security patches and updates must be installed and up to date. | CONFIGURATION MANAGEMENT |
| SLEM-05-214015 - The SLEM 5 tool zypper must have gpgcheck enabled. | CONFIGURATION MANAGEMENT |
| SLEM-05-214020 - SLEM 5 must remove all outdated software components after updated versions have been installed. | SYSTEM AND INFORMATION INTEGRITY |
| SLEM-05-215010 - SLEM 5 must use vlock to allow for session locking. | ACCESS CONTROL |
| SLEM-05-215015 - SLEM 5 must not have the telnet-server package installed. | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| SLEM-05-231010 - A separate file system must be used for SLEM 5 user home directories (such as /home or an equivalent). | CONFIGURATION MANAGEMENT |
| SLEM-05-231015 - SLEM 5 must use a separate file system for /var. | CONFIGURATION MANAGEMENT |
| SLEM-05-231020 - SLEM 5 must use a separate file system for the system audit data path. | CONFIGURATION MANAGEMENT |
| SLEM-05-231025 - SLEM 5 file systems that are being imported via Network File System (NFS) must be mounted to prevent files with the setuid and setgid bit set from being executed. | CONFIGURATION MANAGEMENT |
| SLEM-05-231030 - SLEM 5 file systems that are being imported via Network File System (NFS) must be mounted to prevent binary files from being executed. | CONFIGURATION MANAGEMENT |
| SLEM-05-231035 - SLEM 5 file systems that are used with removable media must be mounted to prevent files with the setuid and setgid bit set from being executed. | CONFIGURATION MANAGEMENT |
| SLEM-05-231040 - All SLEM 5 persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection. | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLEM-05-231045 - SLEM 5 file systems that contain user home directories must be mounted to prevent files with the setuid and setgid bit set from being executed. | CONFIGURATION MANAGEMENT |
| SLEM-05-231050 - SLEM 5 must disable the file system automounter unless required. | IDENTIFICATION AND AUTHENTICATION |
| SLEM-05-232010 - SLEM 5 must have directories that contain system commands set to a mode of 755 or less permissive. | CONFIGURATION MANAGEMENT |
| SLEM-05-232015 - SLEM 5 must have system commands set to a mode of 755 or less permissive. | CONFIGURATION MANAGEMENT |
| SLEM-05-232020 - SLEM 5 library directories must have mode 755 or less permissive. | CONFIGURATION MANAGEMENT |
| SLEM-05-232025 - SLEM 5 library files must have mode 755 or less permissive. | CONFIGURATION MANAGEMENT |
| SLEM-05-232030 - All SLEM 5 local interactive user home directories must have mode 750 or less permissive. | CONFIGURATION MANAGEMENT |
| SLEM-05-232035 - All SLEM 5 local initialization files must have mode 740 or less permissive. | CONFIGURATION MANAGEMENT |
| SLEM-05-232040 - SLEM 5 SSH daemon public host key files must have mode 644 or less permissive. | CONFIGURATION MANAGEMENT |
| SLEM-05-232045 - SLEM 5 SSH daemon private host key files must have mode 640 or less permissive. | CONFIGURATION MANAGEMENT |
| SLEM-05-232050 - SLEM 5 library files must be owned by root. | CONFIGURATION MANAGEMENT |
| SLEM-05-232055 - SLEM 5 library files must be group-owned by root. | CONFIGURATION MANAGEMENT |
| SLEM-05-232060 - SLEM 5 library directories must be owned by root. | CONFIGURATION MANAGEMENT |
| SLEM-05-232065 - SLEM 5 library directories must be group-owned by root. | CONFIGURATION MANAGEMENT |
| SLEM-05-232070 - SLEM 5 must have system commands owned by root. | CONFIGURATION MANAGEMENT |
| SLEM-05-232075 - SLEM 5 must have system commands group-owned by root or a system account. | CONFIGURATION MANAGEMENT |
| SLEM-05-232080 - SLEM 5 must have directories that contain system commands owned by root. | CONFIGURATION MANAGEMENT |
| SLEM-05-232085 - SLEM 5 must have directories that contain system commands group-owned by root. | CONFIGURATION MANAGEMENT |
| SLEM-05-232090 - All SLEM 5 files and directories must have a valid owner. | CONFIGURATION MANAGEMENT |
| SLEM-05-232095 - All SLEM 5 files and directories must have a valid group owner. | CONFIGURATION MANAGEMENT |
| SLEM-05-232100 - All SLEM 5 local interactive user home directories must be group-owned by the home directory owner's primary group. | CONFIGURATION MANAGEMENT |
| SLEM-05-232105 - All SLEM 5 world-writable directories must be group-owned by root, sys, bin, or an application group. | CONFIGURATION MANAGEMENT |
| SLEM-05-232110 - The sticky bit must be set on all SLEM 5 world-writable directories. | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLEM-05-232115 - SLEM 5 must prevent unauthorized users from accessing system error messages. | SYSTEM AND INFORMATION INTEGRITY |
| SLEM-05-232120 - SLEM 5 must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. | SYSTEM AND INFORMATION INTEGRITY |
| SLEM-05-251010 - SLEM 5 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| SLEM-05-252010 - SLEM 5 clock must, for networked systems, be synchronized to an authoritative DOD time source at least every 24 hours. | AUDIT AND ACCOUNTABILITY |
