Skip to content
Log In

Guide to the Secure Configuration of SUSE Linux Enterprise Micro 5

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SELinux state

    enforcing - SELinux security policy is enforced.
    permissive - SELinux prints warnings instead of enforcing.
    disabled - SELinux is fully disabled.
    Value
    Show

  • Install policycoreutils-python-utils package

    The policycoreutils-python-utils package can be installed with the following command: 
    $ sudo zypper install policycoreutils-python-utils
    Rule Medium Severity
    Show

  • Install policycoreutils Package

    The policycoreutils package can be installed with the following command: 
    $ sudo zypper install policycoreutils
    Rule Low Severity
    Show

  • Configure SELinux Policy

    The SELinux <code>targeted</code> policy is appropriate for general-purpose desktops and servers, as well as systems in many other roles. To configure the system to use this policy, add or correct ...
    Rule Medium Severity
    Show

  • Protect Accounts by Configuring PAM

    PAM, or Pluggable Authentication Modules, is a system which implements modular authentication for Linux programs. PAM provides a flexible and configurable architecture for authentication, and it sh...
    Group
    Show

  • Set Lockouts for Failed Password Attempts

    The <code>pam_faillock</code> PAM module provides the capability to lock out user accounts after a number of failed login attempts. Its documentation is available in <code>/usr/share/doc/pam-VERSIO...
    Group
    Show

  • faildelay_delay

    Delay next login attempt after a failed login
    Value
    Show

  • Enforce Delay After Failed Logon Attempts

    To configure the system to introduce a delay after failed logon attempts, add or correct the <code>pam_faildelay</code> settings in <code>/etc/pam.d/common-auth</code> to make sure its <code>delay<...
    Rule Medium Severity
    Show

  • SLEM 5 must use the default pam_tally2 tally directory.

    This rule configures the system to use default pam_tally2 tally directory
    Rule Medium Severity
    Show

  • An SELinux Context must be configured for default pam_tally2 file option

    The file configuration option in PAM pam_tally2.so module defines where to keep counts. Default is /var/log/tallylog. The configured directory must have the correct SELinux context.
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules