Skip to content
Log In

Guide to the Secure Configuration of SUSE Linux Enterprise 12

Rules, Groups, and Values defined within the XCCDF Benchmark

  • System Settings

    Contains rules that check correct system settings.
    Group
    Show

  • Installing and Maintaining Software

    The following sections contain information on security-relevant choices during the initial operating system installation process and the setup of software updates.
    Group
    Show

  • Prefer to use a 64-bit Operating System when supported

    Prefer installation of 64-bit operating systems when the CPU supports it.
    Rule Medium Severity
    Show

  • System and Software Integrity

    System and software integrity can be gained by installing antivirus, increasing system encryption strength with FIPS, verifying installed software, enabling SELinux, installing an Intrusion Prevent...
    Group
    Show

  • Disable Prelinking

    The prelinking feature changes binaries in an attempt to decrease their startup time. In order to disable it, change or add the following line inside the file <code>/etc/sysconfig/prelink</code>: <...
    Rule Medium Severity
    Show

  • minclass

    Minimum number of categories of characters that must exist in a password
    Value
    Show

  • minlen

    Minimum number of characters in password
    Value
    Show

  • ocredit

    Minimum number of other (special characters) in password
    Value
    Show

  • retry

    Number of retry attempts before erroring out
    Value
    Show

  • ucredit

    Minimum number of upper case in password
    Value
    Show

  • net.ipv4.tcp_rfc1337

    Enable to enable TCP behavior conformant with RFC 1337
    Value
    Show

  • net.ipv4.tcp_syncookies

    Enable to turn on TCP SYN Cookie Protection
    Value
    Show

  • Chat/Messaging Services

    The talk software makes it possible for users to send and receive messages across systems through a terminal session.
    Group
    Show

  • Action for auditd to take when disk space just starts to run low

    The setting for space_left_action in /etc/audit/auditd.conf
    Value
    Show

  • Set Password Hashing Algorithm

    The system's default algorithm for storing password hashes in /etc/shadow is SHA-512. This can be configured in several locations.
    Group
    Show

  • MotD Banner Verbiage

    Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\n' character and special characters like parentheses and quotation marks must be escap...
    Value
    Show

  • Remote Login Banner Verbiage

    Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\n' character and special characters like parentheses and quotation marks must be escap...
    Value
    Show

  • tally2

    Number of failed login attempts
    Value
    Show

  • The Installed Operating System Is Vendor Supported

    The installed operating system must be maintained by a vendor. SUSE Linux Enterprise is supported by SUSE. As the SUSE Linux Enterprise vendor, SUSE is responsible for providing security patches.
    Rule High Severity
    Show

  • Software Integrity Checking

    Both the AIDE (Advanced Intrusion Detection Environment) software and the RPM package management system provide mechanisms for verifying the integrity of installed software. AIDE uses snapshots of ...
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules