Skip to content
Log In

Guide to the Secure Configuration of SUSE Linux Enterprise 15

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The Installed Operating System Is FIPS 140-2 Certified

    To enable processing of sensitive information the operating system must provide certified cryptographic modules compliant with FIPS 140-2 standard. SUSE Enterprise Linux is supported by SUSE Softw...
    Rule High Severity
    Show

  • The Installed Operating System Is Vendor Supported

    The installed operating system must be maintained by a vendor. SUSE Linux Enterprise is supported by SUSE. As the SUSE Linux Enterprise vendor, SUSE is responsible for providing security patches.
    Rule High Severity
    Show

  • Endpoint Protection Software

    Endpoint protection security software that is not provided or supported by Red Hat can be installed to provide complementary or duplicative security capabilities to those provided by the base pla...
    Group
    Show

  • Configure Backups of User Data

    The operating system must conduct backups of user data contained in the operating system. The operating system provides utilities for automating backups of user data. Commercial and open-source pro...
    Rule Medium Severity
    Show

  • McAfee Endpoint Security Software

    In DoD environments, McAfee Host-based Security System (HBSS) and VirusScan Enterprise for Linux (VSEL) is required to be installed on all systems.
    Group
    Show

  • Encrypt Partitions

    SUSE Linux Enterprise 15 natively supports partition encryption through the Linux Unified Key Setup-on-disk-format (LUKS) technology. The easiest way to encrypt a partition is during installation t...
    Rule High Severity
    Show

  • Ensure /boot Located On Separate Partition

    It is recommended that the <code>/boot</code> directory resides on a separate partition. This makes it easier to apply restrictions e.g. through the <code>noexec</code> mount option. Eventually, th...
    Rule Medium Severity
    Show

  • Ensure /home Located On Separate Partition

    If user home directories will be stored locally, create a separate partition for <code>/home</code> at installation time (or migrate it later using LVM). If <code>/home</code> will be mounted from ...
    Rule Low Severity
    Show

  • Ensure /opt Located On Separate Partition

    It is recommended that the /opt directory resides on a separate partition.
    Rule Medium Severity
    Show

  • Ensure /srv Located On Separate Partition

    If a file server (FTP, TFTP...) is hosted locally, create a separate partition for <code>/srv</code> at installation time (or migrate it later using LVM). If <code>/srv</code> will be mounted from ...
    Rule Unknown Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules