Skip to content

Guide to the Secure Configuration of SUSE Linux Enterprise 15

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Enable ExecShield via sysctl

    By default on SUSE Linux Enterprise 15 64-bit systems, ExecShield is enabled and can only be disabled if the hardware does not support ExecShield o...
    Rule Medium Severity
  • Restrict Exposed Kernel Pointer Addresses Access

    To set the runtime status of the <code>kernel.kptr_restrict</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.kptr_r...
    Rule Medium Severity
  • Enable Randomized Layout of Virtual Address Space

    To set the runtime status of the <code>kernel.randomize_va_space</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.r...
    Rule Medium Severity
  • Enable Execute Disable (XD) or No Execute (NX) Support on x86 Systems

    Recent processors in the x86 family support the ability to prevent code execution on a per memory page basis. Generically and on AMD processors, th...
    Group
  • Enable NX or XD Support in the BIOS

    Reboot the system and enter the BIOS or Setup configuration menu. Navigate the BIOS configuration menu and make sure that the option is enabled. Th...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules