
SUSE Linux Enterprise Server 15 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SUSE operating system file systems that are being imported via Network File System (NFS) must be mounted to prevent binary files from being executed.

    The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Exe...
    Rule Medium Severity
  • All SUSE operating system world-writable directories must be group-owned by root, sys, bin, or an application group.

    If a world-writable directory has the sticky bit set and is not group-owned by a privileged Group Identifier (GID), unauthorized users may be able to modify files created by others. The only autho...
    Rule Medium Severity
  • The SUSE operating system must be configured to not overwrite Pluggable Authentication Modules (PAM) configuration on package changes.

    The "pam-config" command line utility automatically generates a system PAM configuration as packages are installed, updated, or removed from the system. "pam-config" removes configurations for PAM ...
    Rule Medium Severity
  • The SUSE operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets.

    Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security me...
    Rule Medium Severity
  • The SUSE operating system must not forward Internet Protocol version 6 (IPv6) source-routed packets.

    Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security me...
    Rule Medium Severity
  • The SUSE operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default.

    Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security me...
    Rule Medium Severity
  • The SUSE operating system must not forward Internet Protocol version 6 (IPv6) source-routed packets by default.

    Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security me...
    Rule Medium Severity
  • The SUSE operating system must prevent Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages from being accepted.

    ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An ill...
    Rule Medium Severity
  • The SUSE operating system must not allow interfaces to accept Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages by default.

    ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An ill...
    Rule Medium Severity
  • The SUSE operating system must prevent Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages from being accepted.

    ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An ill...
    Rule Medium Severity
