Skip to content
Log In

Guide to the Secure Configuration of openSUSE

Rules, Groups, and Values defined within the XCCDF Benchmark

  • minimum password age

    Minimum age of password in days
    Value
    Show

  • minimum password length

    Minimum number of characters in password
    Value
    Show

  • warning days before password expires

    The number of days' warning given before a password expires.
    Value
    Show

  • Set Password Minimum Age

    To specify password minimum age for new accounts, edit the file <code>/etc/login.defs</code> and add or correct the following line: <pre>PASS_MIN_DAYS <xccdf-1.2:sub idref="xccdf_org.ssgproject.con...
    Rule Medium Severity
    Show

  • Set Password Warning Age

    To specify how many days prior to password expiration that a warning will be issued to users, edit the file <code>/etc/login.defs</code> and add or correct the following line: <pre>PASS_WARN_AGE <...
    Rule Medium Severity
    Show

  • Verify Proper Storage and Existence of Password Hashes

    By default, password hashes for local accounts are stored in the second field (colon-separated) in <code>/etc/shadow</code>. This file should be readable only by processes running with root credent...
    Group
    Show

  • Verify All Account Password Hashes are Shadowed

    If any password hashes are stored in <code>/etc/passwd</code> (in the second field, instead of an <code>x</code> or <code>*</code>), the cause of this misconfiguration should be investigated. The a...
    Rule Medium Severity
    Show

  • Ensure all users last password change date is in the past

    All users should have a password change date in the past.
    Rule Medium Severity
    Show

  • All GIDs referenced in /etc/passwd must be defined in /etc/group

    Add a group to the system for each GID referenced without a corresponding group.
    Rule Low Severity
    Show

  • Prevent Login to Accounts With Empty Password

    If an account is configured for password authentication but does not have an assigned password, it may be possible to log into the account without authentication. Remove any instances of the <code>...
    Rule High Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules