Guide to the Secure Configuration of openSUSE
Rules, Groups, and Values defined within the XCCDF Benchmark
-
net.ipv6.conf.default.accept_ra
Accept default router advertisements by default?Value -
net.ipv6.conf.default.accept_redirects
Toggle ICMP Redirect Acceptance By DefaultValue -
SSH enabled firewalld zone
Specify firewalld zone to enable SSH service. This value is used only for remediation purposes.Value -
SSH Approved ciphers by FIPS
Specify the FIPS approved ciphers that are used for data integrity protection by the SSH server.Value -
ftpd_use_nfs SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
postgresql_can_rsync SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
Disk Partitioning
To ensure separation and protection of data, there are top-level system directories which should be placed on their own physical partition or logic...Group -
net.ipv6.conf.default.accept_source_route
Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirec...Value -
Ensure /home Located On Separate Partition
If user home directories will be stored locally, create a separate partition for <code>/home</code> at installation time (or migrate it later using...Rule Low Severity -
Ensure /srv Located On Separate Partition
If a file server (FTP, TFTP...) is hosted locally, create a separate partition for <code>/srv</code> at installation time (or migrate it later usin...Rule Unknown Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules