Skip to content
Log In

SLES 12 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000073-GPOS-00041

    Group
    Show

  • The SUSE operating system must employ FIPS 140-3 approved cryptographic hashing algorithms for all stored passwords.

    The system must use a strong hashing algorithm to store the password. The system must use a sufficient number of hashing rounds to ensure the required level of entropy. Passwords need to be protec...
    Rule Medium Severity
    Show

  • SRG-OS-000078-GPOS-00046

    Group
    Show

  • The SUSE operating system must employ passwords with a minimum of 15 characters.

    The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Password complexity, or strength, is a measure of the effectivene...
    Rule Medium Severity
    Show

  • SRG-OS-000075-GPOS-00043

    Group
    Show

  • The SUSE operating system must be configured to create or update passwords with a minimum lifetime of 24 hours (one day).

    Enforcing a minimum password lifetime helps prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually ch...
    Rule Medium Severity
    Show

  • SRG-OS-000075-GPOS-00043

    Group
    Show

  • The SUSE operating system must employ user passwords with a minimum lifetime of 24 hours (one day).

    Enforcing a minimum password lifetime helps prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually ch...
    Rule Medium Severity
    Show

  • SRG-OS-000076-GPOS-00044

    Group
    Show

  • SRG-OS-000076-GPOS-00044

    Group
    Show

  • The SUSE operating system must employ user passwords with a maximum lifetime of 60 days.

    Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the SUSE operating system does not limit the lifetime of passwords and force...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00225

    Group
    Show

  • The SUSE operating system must prevent the use of dictionary words for passwords.

    If the SUSE operating system allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses an...
    Rule Medium Severity
    Show

  • SRG-OS-000123-GPOS-00064

    Group
    Show

  • SRG-OS-000118-GPOS-00060

    Group
    Show

  • The SUSE operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration.

    Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system. Owners of inactive accounts...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00226

    Group
    Show

  • The SUSE operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.

    Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00229

    Group
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules