Guide to the Secure Configuration of SUSE Linux Enterprise 12
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Verify Permissions of Local Logs of audit Tools
The SUSE operating system audit tools must have the proper permissions configured to protect against unauthorized access. Check that "permissions.local" file contains the correct permissions rules...Rule Medium Severity -
Verify that Local Logs of the audit Daemon are not World-Readable
Files containing sensitive informations should be protected by restrictive permissions. Most of the time, there is no need that these files need to be read by any non-root user. Check that "permis...Rule Medium Severity -
OS commands and libraries must have the proper permissions to protect from unauthorized access
Verify that the SUSE operating system prevents unauthorized users from accessing system command and library files. Check that all of the audit information files and folders have the correct permis...Rule Medium Severity -
Restrict Programs from Dangerous Execution Patterns
The recommendations in this section are designed to ensure that the system's features to protect against potentially dangerous program execution are activated. These protections are applied at the ...Group -
Disable the uvcvideo module
If the device contains a camera it should be covered or disabled when not in use.Rule Medium Severity -
Restrict Access to Kernel Message Buffer
To set the runtime status of the <code>kernel.dmesg_restrict</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.dmesg_restrict=1</pre> To make sure that the setting is...Rule Low Severity -
Uninstall setroubleshoot-server Package
The SETroubleshoot service notifies desktop users of SELinux denials. The service provides information around configuration errors, unauthorized intrusions, and other potential errors. The <code>se...Rule Low Severity -
Kernel panic on oops
To set the runtime status of the <code>kernel.panic_on_oops</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.panic_on_oops=1</pre> To make sure that the setting is p...Rule Medium Severity -
Limit CPU consumption of the Perf system
To set the runtime status of the <code>kernel.perf_cpu_time_max_percent</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.perf_cpu_time_max_percent=1</pre> To make su...Rule Medium Severity -
Limit sampling frequency of the Perf system
To set the runtime status of the <code>kernel.perf_event_max_sample_rate</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.perf_event_max_sample_rate=1</pre> To make ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.