Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of SUSE Linux Enterprise 12

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Enable Use of Privilege Separation

    When enabled, SSH will create an unprivileged child process that has the privilege of the authenticated user. To enable privilege separation in SSH...
    Rule Medium Severity
    Show

  • Use Only Strong Ciphers

    Limit the ciphers to strong algorithms. Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode. The following line in <code>/et...
    Rule Medium Severity
    Show

  • Use Only Strong Key Exchange algorithms

    Limit the Key Exchange to strong algorithms. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of those: <pre>KexAlgorithms ...
    Rule Medium Severity
    Show

  • Prevent remote hosts from connecting to the proxy display

    The SSH daemon should prevent remote hosts from connecting to the proxy display. <br> The default SSH configuration for <code>X11UseLocalhost</code...
    Rule Medium Severity
    Show

  • Strengthen Firewall Configuration if Possible

    If the SSH server is expected to only receive connections from the local network, then strengthen the default firewall rule for the SSH service to ...
    Group
    Show

  • System Security Services Daemon

    The System Security Services Daemon (SSSD) is a system daemon that provides access to different identity and authentication providers such as Red H...
    Group
    Show

  • SSSD certificate_verification option

    Value of the certificate_verification option in the SSSD config.
    Value
    Show

  • SSSD memcache_timeout option

    Value of the memcache_timeout option in the [nss] section of SSSD config /etc/sssd/sssd.conf.
    Value
    Show

  • SSSD ssh_known_hosts_timeout option

    Value of the ssh_known_hosts_timeout option in the [ssh] section of SSSD configuration file /etc/sssd/sssd.conf.
    Value
    Show

  • Enable Smartcards in SSSD

    SSSD should be configured to authenticate access to the system using smart cards. To enable smart cards in SSSD, set <code>pam_cert_auth</code> to ...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules