Guide to the Secure Configuration of SUSE Linux Enterprise 12
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Set Account Expiration Parameters
Accounts can be configured to be automatically disabled after a certain time period, meaning that they will require administrator interaction to be...Group -
number of days after the last login of the user when the user will be locked out
'This option is specific for the auth or account phase. It specifies the number of days after the last login of the user when the user will be lock...Value -
Set Account Expiration Following Inactivity
To specify the number of days after a password expires (which signifies inactivity) until an account is permanently disabled, add or correct the fo...Rule Medium Severity -
Never Automatically Remove or Disable Emergency Administrator Accounts
Emergency accounts are privileged accounts that are established in response to crisis situations where the need for rapid account activation is req...Rule Medium Severity -
Assign Expiration Date to Temporary Accounts
Temporary accounts are established as part of normal account activation procedures when there is a need for short-term accounts. In the event tempo...Rule Medium Severity -
Ensure All Accounts on the System Have Unique Names
Ensure accounts on the system have unique names. To ensure all accounts have unique names, run the following command: <pre>$ sudo getent passwd | ...Rule Medium Severity -
Use Centralized and Automated Authentication
Implement an automated system for managing user accounts that minimizes the risk of errors, either intentional or deliberate. This system should in...Rule Medium Severity -
Ensure shadow Group is Empty
The shadow group allows system programs which require access the ability to read the /etc/shadow file. No users should be assigned to the shadow gr...Rule Medium Severity -
Policy Requires Immediate Change of Temporary Passwords
Temporary passwords for SUSE Linux Enterprise 12 operating system logons must require an immediate change to a permanent password. Verify that a p...Rule Medium Severity -
All GIDs referenced in /etc/passwd must be defined in /etc/group
Add a group to the system for each GID referenced without a corresponding group.Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.