Skip to content
Log In

Guide to the Secure Configuration of SUSE Linux Enterprise 12

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The Installed Operating System Is FIPS 140-2 Certified

    To enable processing of sensitive information the operating system must provide certified cryptographic modules compliant with FIPS 140-2 standard. SUSE Enterprise Linux is supported by SUSE Softw...
    Rule High Severity
    Show

  • Configure Backups of User Data

    The operating system must conduct backups of user data contained in the operating system. The operating system provides utilities for automating backups of user data. Commercial and open-source pro...
    Rule Medium Severity
    Show

  • Install Intrusion Detection Software

    The base SUSE Linux Enterprise 12 platform already includes a sophisticated auditing system that can detect intruder activity, as well as SELinux, which provides host-based intrusion prevention cap...
    Rule High Severity
    Show

  • McAfee Endpoint Security Software

    In DoD environments, McAfee Host-based Security System (HBSS) and VirusScan Enterprise for Linux (VSEL) is required to be installed on all systems.
    Group
    Show

  • McAfee Host-Based Intrusion Detection Software (HBSS)

    McAfee Host-based Security System (HBSS) is a suite of software applications used to monitor, detect, and defend computer networks and systems.
    Group
    Show

  • Install the Host Intrusion Prevention System (HIPS) Module

    Install the McAfee Host Intrusion Prevention System (HIPS) Module if it is absolutely necessary. If SELinux is enabled, do not install or enable this module.
    Rule Medium Severity
    Show

  • Encrypt Partitions

    SUSE Linux Enterprise 12 natively supports partition encryption through the Linux Unified Key Setup-on-disk-format (LUKS) technology. The easiest way to encrypt a partition is during installation t...
    Rule High Severity
    Show

  • Ensure /boot Located On Separate Partition

    It is recommended that the <code>/boot</code> directory resides on a separate partition. This makes it easier to apply restrictions e.g. through the <code>noexec</code> mount option. Eventually, th...
    Rule Medium Severity
    Show

  • Account Lockouts Must Be Logged

    PAM faillock locks an account due to excessive password failures, this event must be logged.
    Rule Medium Severity
    Show

  • Ensure /srv Located On Separate Partition

    If a file server (FTP, TFTP...) is hosted locally, create a separate partition for <code>/srv</code> at installation time (or migrate it later using LVM). If <code>/srv</code> will be mounted from ...
    Rule Unknown Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules