| SLES-12-010020 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL |
| SLES-12-010050 - The SUSE operating system must display the approved Standard Mandatory DoD Notice before granting local or remote access to the system via a graphical user logon. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL |
| SLES-12-010080 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity for the graphical user interface. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL |
| SLES-12-010114 - The SUSE operating system must not be configured to bypass password requirements for privilege escalation. | DISA SLES 12 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010160 - The SUSE operating system must enforce passwords that contain at least one lower-case character. | DISA SLES 12 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010210 - The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs). | DISA SLES 12 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010220 - The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords. | DISA SLES 12 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010240 - The SUSE operating system must employ FIPS 140-3 approved cryptographic hashing algorithms for all stored passwords. | DISA SLES 12 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010250 - The SUSE operating system must employ passwords with a minimum of 15 characters. | DISA SLES 12 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010260 - The SUSE operating system must be configured to create or update passwords with a minimum lifetime of 24 hours (one day). | DISA SLES 12 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010270 - The SUSE operating system must employ user passwords with a minimum lifetime of 24 hours (one day). | DISA SLES 12 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010280 - The SUSE operating system must be configured to create or update passwords with a maximum lifetime of 60 days. | DISA SLES 12 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010330 - The SUSE operating system must never automatically remove or disable emergency administrator accounts. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL |
| SLES-12-010375 - The SUSE operating system must restrict access to the kernel message buffer. | DISA SLES 12 STIG v3r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-010380 - The SUSE operating system must not allow unattended or automatic logon via the graphical user interface. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010499 - The SUSE operating system must use a file integrity tool to verify correct operation of all security functions. | DISA SLES 12 STIG v3r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| SLES-12-010520 - The SUSE operating system file integrity tool must be configured to verify Access Control Lists (ACLs). | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010690 - All SUSE operating system files and directories must have a valid owner. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL |
| SLES-12-010760 - All SUSE operating system local initialization files must have mode 0740 or less permissive. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010830 - All SUSE operating system world-writable directories must be group-owned by root, sys, bin, or an application group. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010840 - SUSE operating system kernel core dumps must be disabled unless needed. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010876 - The SUSE operating system library directories must be group-owned by root. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010877 - The SUSE operating system must have system commands set to a mode of 755 or less permissive. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010878 - The SUSE operating system must have directories that contain system commands set to a mode of 0755 or less permissive. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010883 - The SUSE operating system must have directories that contain system commands group-owned by root. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-010890 - The SUSE operating system must prevent unauthorized users from accessing system error messages. | DISA SLES 12 STIG v3r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| SLES-12-020000 - The SUSE operating system must have the auditing package installed. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| SLES-12-020090 - Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020210 - The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| SLES-12-020260 - The SUSE operating system must generate audit records for all uses of the sudo command. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020411 - The SUSE operating system must generate audit records for all uses of the unlink, unlinkat, rename, renameat and rmdir syscalls. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020560 - The SUSE operating system must generate audit records for all uses of the gpasswd command. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020570 - The SUSE operating system must generate audit records for all uses of the newgrp command. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020620 - The SUSE operating system must generate audit records for all uses of the chacl command. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020630 - Successful/unsuccessful attempts to modify categories of information (e.g., classification levels) must generate audit records. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020690 - The SUSE operating system must generate audit records for all uses of the chage command. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020740 - The SUSE operating system must generate audit records for all uses of the init_module and finit_module syscalls. | DISA SLES 12 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-030040 - SuSEfirewall2 must protect against or limit the effects of Denial-of-Service (DoS) attacks on the SUSE operating system by implementing rate-limiting measures on impacted network interfaces. | DISA SLES 12 STIG v3r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-030100 - All networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission. | DISA SLES 12 STIG v3r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-030110 - The SUSE operating system must log SSH connection attempts and failures to the server. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL |
| SLES-12-030140 - The SUSE operating system must deny direct logons to the root account using remote access via SSH. | DISA SLES 12 STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-030170 - The SUSE operating system must implement DoD-approved encryption to protect the confidentiality of SSH remote connections. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| SLES-12-030191 - The SUSE operating system for all network connections associated with SSH traffic must immediately terminate at the end of the session or after 10 minutes of inactivity. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| SLES-12-030220 - The SUSE operating system SSH daemon private host key files must have mode 0640 or less permissive. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-030240 - The SUSE operating system SSH daemon must use privilege separation. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-030260 - The SUSE operating system SSH daemon must disable forwarded remote X connections for interactive users, unless to fulfill documented and validated mission requirements. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-030320 - The SUSE operating system must implement kptr-restrict to prevent the leaking of internal kernel addresses. | DISA SLES 12 STIG v3r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| SLES-12-030363 - The SUSE operating system must prevent Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages from being accepted. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-030365 - The SUSE operating system must not be performing Internet Protocol version 6 (IPv6) packet forwarding by default unless the system is a router. | DISA SLES 12 STIG v3r4 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-030450 - The SUSE operating system wireless network adapters must be disabled unless approved and documented. | DISA SLES 12 STIG v3r4 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
