Skip to content

SUSE Linux Enterprise Server 15 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must not disable syscall auditing.

    &lt;VulnDiscussion&gt;By default, the SUSE operating system includes the "-a task,never" audit rule as a default. This rule suppresses syscall audi...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00226

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.

    &lt;VulnDiscussion&gt;Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain acc...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00226

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.

    &lt;VulnDiscussion&gt;The SUSE operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attemp...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • There must be no .shosts files on the SUSE operating system.

    &lt;VulnDiscussion&gt;The .shosts files are used to configure host-based authentication for individual users or the system via SSH. Host-based auth...
    Rule High Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • There must be no shosts.equiv files on the SUSE operating system.

    &lt;VulnDiscussion&gt;The shosts.equiv files are used to configure host-based authentication for the system via SSH. Host-based authentication is n...
    Rule High Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system file integrity tool must be configured to verify Access Control Lists (ACLs).

    &lt;VulnDiscussion&gt;ACLs can provide permissions beyond those permitted through the file mode and must be verified by file integrity tools.&lt;/V...
    Rule Low Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system file integrity tool must be configured to verify extended attributes.

    &lt;VulnDiscussion&gt;Extended attributes in file systems are used to contain arbitrary data and file metadata with security implications.&lt;/Vuln...
    Rule Low Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must disable the x86 Ctrl-Alt-Delete key sequence.

    &lt;VulnDiscussion&gt;A locally logged-on user, who presses Ctrl-Alt-Delete when at the console, can reboot the system. If accidentally pressed, as...
    Rule High Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must disable the x86 Ctrl-Alt-Delete key sequence for Graphical User Interfaces.

    &lt;VulnDiscussion&gt;A locally logged-on user, who presses Ctrl-Alt-Delete when at the console, can reboot the system. If accidentally pressed, as...
    Rule High Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must disable the systemd Ctrl-Alt-Delete burst key sequence.

    &lt;VulnDiscussion&gt;A locally logged-on user, who presses Ctrl-Alt-Delete when at the console, can reboot the system. If accidentally pressed, as...
    Rule High Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules