Skip to content

Guide to the Secure Configuration of SUSE Linux Enterprise Micro 5

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Set PAM''s Password Hashing Algorithm

    The PAM system service can be configured to only store encrypted representations of passwords. In "/etc/pam.d/common-password", the <code>password</code> section of the file controls which PAM modu...
    Rule Medium Severity
  • Set Password Hashing Rounds in /etc/login.defs

    In <code>/etc/login.defs</code>, ensure <code>SHA_CRYPT_MIN_ROUNDS</code> and <code>SHA_CRYPT_MAX_ROUNDS</code> has the minimum value of <code>5000</code>. For example: <pre>SHA_CRYPT_MIN_ROUNDS 50...
    Rule Medium Severity
  • Protect Physical Console Access

    It is impossible to fully protect a system from an attacker with physical access, so securing the space in which the system is located should be considered a necessary step. However, there are some...
    Group
  • Disable Ctrl-Alt-Del Reboot Activation

    By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code> key sequence is pressed. <br> <br> To configure the system to ignore the <code>Ctrl-Alt-Del</code> k...
    Rule High Severity
  • Configure Screen Locking

    When a user must temporarily leave an account logged-in, screen locking should be employed to prevent passersby from abusing the account. User education and training is particularly important for s...
    Group
  • Configure Console Screen Locking

    A console screen locking mechanism is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of th...
    Group
  • Check that vlock is installed to allow session locking

    The SUSE Linux Enterprise Micro 5 operating system must have vlock installed to allow for session locking. The <code>kbd</code> package can be installed with the following command: <pre> $ sudo z...
    Rule Medium Severity
  • Hardware Tokens for Authentication

    The use of hardware tokens such as smart cards for system login provides stronger, two-factor authentication than using a username and password. In Red Hat Enterprise Linux servers and workstation...
    Group
  • Prevent Login to Accounts With Empty Password

    If an account is configured for password authentication but does not have an assigned password, it may be possible to log into the account without authentication. Remove any instances of the <code>...
    Rule High Severity
  • Install Smart Card Packages For Multifactor Authentication

    Configure the operating system to implement multifactor authentication by installing the required package with the following command: The <code>pam_pkcs11</code> package can be installed with the ...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules