Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of SUSE Linux Enterprise 15

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Enable SSH Print Last Log

    Ensure that SSH will display the date and time of the last successful account logon. <br> The default SSH configuration enables print of the date a...
    Rule Medium Severity
    Show

  • Force frequent session key renegotiation

    The <code>RekeyLimit</code> parameter specifies how often the session key of the is renegotiated, both in terms of amount of data that may be trans...
    Rule Medium Severity
    Show

  • Ensure SSH LoginGraceTime is configured

    The <code>LoginGraceTime</code> parameter to the SSH server specifies the time allowed for successful authentication to the SSH server. The longer ...
    Rule Medium Severity
    Show

  • Set LogLevel to INFO

    The INFO parameter specifices that record login and logout activity will be logged. <br> The default SSH configuration sets the log level to INFO. ...
    Rule Low Severity
    Show

  • Set SSH Daemon LogLevel to VERBOSE

    The <code>VERBOSE</code> parameter configures the SSH daemon to record login and logout activity. To specify the log level in SSH, add or correct t...
    Rule Medium Severity
    Show

  • Set SSH authentication attempt limit

    The <code>MaxAuthTries</code> parameter specifies the maximum number of authentication attempts permitted per connection. Once the number of failur...
    Rule Medium Severity
    Show

  • Set SSH MaxSessions limit

    The <code>MaxSessions</code> parameter specifies the maximum number of open sessions permitted from a given connection. To set MaxSessions edit <co...
    Rule Medium Severity
    Show

  • Ensure SSH MaxStartups is configured

    The MaxStartups parameter specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be ...
    Rule Medium Severity
    Show

  • Use Only FIPS 140-2 Validated Ciphers

    Limit the ciphers to those algorithms which are FIPS-approved. Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode. The foll...
    Rule Medium Severity
    Show

  • Use Only FIPS 140-2 Validated Ciphers

    Limit the ciphers to those algorithms which are FIPS-approved. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of FIPS-app...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules