Skip to content
Log In

Guide to the Secure Configuration of SUSE Linux Enterprise 12

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces

    To set the runtime status of the <code>net.ipv4.tcp_syncookies</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.ipv4.tcp_syncookies=1</pre> To make sure that the settin...
    Rule Medium Severity
    Show

  • nftables

    <code>If firewalld or iptables are being used in your environment, please follow the guidance in their respective section and pass-over the guidance in this section.</code><br><br> nftables is a su...
    Group
    Show

  • Wireless Networking

    Wireless networking, such as 802.11 (WiFi) and Bluetooth, can present a security risk to sensitive or classified systems and networks. Wireless networking hardware is much more likely to be include...
    Group
    Show

  • Verify that All World-Writable Directories Have Sticky Bits Set

    When the so-called 'sticky bit' is set on a directory, only the owner of a given file may remove that file from the directory. Without the sticky bit, any user with write access to a directory may ...
    Rule Medium Severity
    Show

  • Verify that system commands directories have root as a group owner

    System commands are stored in the following directories: by default: <pre>/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin </pre> All these directories should have <code>root</code...
    Rule Medium Severity
    Show

  • Verify Group Who Owns /etc/crypttab File

    To properly set the group owner of /etc/crypttab, run the command: 
    $ sudo chgrp root /etc/crypttab
    Rule Medium Severity
    Show

  • Verify Group Who Owns System.map Files

    The System.map files are symbol map files generated during the compilation of the Linux kernel. They contain the mapping between kernel symbols and their corresponding memory addresses. These files...
    Rule Low Severity
    Show

  • Verify User Who Owns /etc/crypttab File

    To properly set the owner of /etc/crypttab, run the command: 
    $ sudo chown root /etc/crypttab
    Rule Medium Severity
    Show

  • Verify User Who Owns System.map Files

    The System.map files are symbol map files generated during the compilation of the Linux kernel. They contain the mapping between kernel symbols and their corresponding memory addresses. These files...
    Rule Low Severity
    Show

  • Verify Permissions On /etc/crypttab File

    To properly set the permissions of /etc/crypttab, run the command: 
    $ sudo chmod 0600 /etc/crypttab
    Rule Medium Severity
    Show

  • Verify Permissions On /etc/sysctl.d Directory

    To properly set the permissions of /etc/sysctl.d, run the command: 
    $ sudo chmod 0755 /etc/sysctl.d
    Rule Medium Severity
    Show

  • Ensure All Files Are Owned by a User

    If any files are not owned by a user, then the cause of their lack of ownership should be investigated. Following this, the files should be deleted or assigned to an appropriate user. Locate the m...
    Rule Medium Severity
    Show

  • Verify Group Who Owns Backup gshadow File

    To properly set the group owner of /etc/gshadow-, run the command: 
    $ sudo chgrp root /etc/gshadow-
    Rule Medium Severity
    Show

  • Verify User Who Owns Backup shadow File

    To properly set the group owner of /etc/shadow-, run the command: 
    $ sudo chgrp shadow /etc/shadow-
    Rule Medium Severity
    Show

  • Verify Group Who Owns /etc/shells File

    To properly set the group owner of /etc/shells, run the command: 
    $ sudo chgrp root /etc/shells
    Rule Medium Severity
    Show

  • Verify Who Owns /etc/shells File

    To properly set the owner of /etc/shells, run the command: 
    $ sudo chown root /etc/shells
    Rule Medium Severity
    Show

  • Verify Permissions on passwd File

    To properly set the permissions of /etc/passwd, run the command: 
    $ sudo chmod 0644 /etc/passwd
    Rule Medium Severity
    Show

  • Verify Permissions on /etc/shells File

    To properly set the permissions of /etc/shells, run the command: 
    $ sudo chmod 0644 /etc/shells
    Rule Medium Severity
    Show

  • Verify that Shared Library Directories Have Root Group Ownership

    System-wide shared library files, which are linked to executables during process load time or run time, are stored in the following directories by default: <pre>/lib /lib64 /usr/lib /usr/lib64 </pr...
    Rule Medium Severity
    Show

  • Verify that Shared Library Directories Have Restrictive Permissions

    System-wide shared library directories, which contain are linked to executables during process load time or run time, are stored in the following directories by default: <pre>/lib /lib64 /usr/lib /...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules