Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of SUSE Linux Enterprise 15

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Verify that local /var/log/messages is not world-readable

    Files containing sensitive informations should be protected by restrictive permissions. Most of the time, there is no need that these files need to...
    Rule Medium Severity
    Show

  • Verify Permissions of Local Logs of audit Tools

    The SUSE operating system audit tools must have the proper permissions configured to protect against unauthorized access. Check that "permissions....
    Rule Medium Severity
    Show

  • Verify that Local Logs of the audit Daemon are not World-Readable

    Files containing sensitive informations should be protected by restrictive permissions. Most of the time, there is no need that these files need to...
    Rule Medium Severity
    Show

  • Restrict Programs from Dangerous Execution Patterns

    The recommendations in this section are designed to ensure that the system's features to protect against potentially dangerous program execution ar...
    Group
    Show

  • kernel.unprivileged_bpf_disabled

    Prevent unprivileged processes from using the bpf() syscall.
    Value
    Show

  • Disable the uvcvideo module

    If the device contains a camera it should be covered or disabled when not in use.
    Rule Medium Severity
    Show

  • Restrict Access to Kernel Message Buffer

    To set the runtime status of the <code>kernel.dmesg_restrict</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.dmesg...
    Rule Low Severity
    Show

  • Disable loading and unloading of kernel modules

    To set the runtime status of the <code>kernel.modules_disabled</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.mod...
    Rule Medium Severity
    Show

  • Kernel panic on oops

    To set the runtime status of the <code>kernel.panic_on_oops</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.panic_...
    Rule Medium Severity
    Show

  • Limit CPU consumption of the Perf system

    To set the runtime status of the <code>kernel.perf_cpu_time_max_percent</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w k...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules