
SLES 12 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The SUSE operating system must implement certificate status checking for multifactor authentication.

    Using an authentication device, such as a Common Access Card (CAC) or token separate from the information system, ensures credentials stored on the authentication device will not be affected if the...
    Rule Medium Severity
  • The SUSE operating system SSH daemon must prevent remote hosts from connecting to the proxy display.

    When X11 forwarding is enabled, there may be additional exposure to the server and client displays if the sshd proxy display is configured to listen on the wildcard address. By default, sshd binds ...
    Rule Medium Severity
  • The SUSE operating system must restrict privilege elevation to authorized personnel.

    The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their password and confirms your request to execute a command by checking a file...
    Rule Medium Severity
  • The SUSE operating system must use the invoking user's password for privilege escalation when using "sudo".

    The sudoers security policy requires that users authenticate themselves before they can use sudo. When sudoers requires authentication, it validates the invoking user's credentials. If the rootpw, ...
    Rule Medium Severity
  • The SUSE operating system library directories must have mode 0755 or less permissive.

    If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are ...
    Rule Medium Severity
  • The SUSE operating system library files must be owned by root.

    If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are ...
    Rule Medium Severity
  • The SUSE operating system must have directories that contain system commands set to a mode of 0755 or less permissive.

    If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are ...
    Rule Medium Severity
  • The SUSE operating system must not have the vsftpd package installed if not required for operational support.

    It is detrimental for SUSE operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often over...
    Rule Medium Severity
  • The SUSE operating system must not have accounts configured with blank or null passwords.

    If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.
    Rule High Severity
  • The SUSE operating system must generate audit records for all uses of the unlink, unlinkat, rename, renameat and rmdir syscalls.

    Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...
    Rule Medium Severity
