Skip to content

Guide to the Secure Configuration of openSUSE

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Disable storing core dump

    The <code>Storage</code> option in <code>[Coredump]</code> sectionof <code>/etc/systemd/coredump.conf</code> can be set to <code>none</code> to dis...
    Rule Medium Severity
  • Disable Core Dumps for SUID programs

    To set the runtime status of the <code>fs.suid_dumpable</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w fs.suid_dumpable=...
    Rule Medium Severity
  • Daemon Umask

    The umask is a per-process setting which limits the default permissions for creation of new files and directories. The system includes initializati...
    Group
  • daemon umask

    Enter umask for daemons
    Value
  • Enable ExecShield

    ExecShield describes kernel features that provide protection against exploitation of memory corruption errors such as buffer overflows. These featu...
    Group
  • kernel.kptr_restrict

    Configure exposition of kernel pointer addresses
    Value
  • Restrict Exposed Kernel Pointer Addresses Access

    To set the runtime status of the <code>kernel.kptr_restrict</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.kptr_r...
    Rule Medium Severity
  • Enable Randomized Layout of Virtual Address Space

    To set the runtime status of the <code>kernel.randomize_va_space</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.r...
    Rule Medium Severity
  • Enable Execute Disable (XD) or No Execute (NX) Support on x86 Systems

    Recent processors in the x86 family support the ability to prevent code execution on a per memory page basis. Generically and on AMD processors, th...
    Group
  • Memory Poisoning

    Memory Poisoning consists of writing a special value to uninitialized or freed memory. Poisoning can be used as a mechanism to prevent leak of info...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules