SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SLEM 5 must automatically expire temporary accounts within 72 hours.
Temporary accounts are privileged or nonprivileged accounts established during pressing circumstances, such as new software or hardware configuration or an incident response, where the need for pro...Rule Medium Severity -
SLEM 5 must not have unnecessary accounts.
Accounts providing no operational purpose provide additional opportunities for system compromise. Unnecessary accounts include user accounts for individuals not requiring access to the system and a...Rule Medium Severity -
SLEM 5 must not have duplicate User IDs (UIDs) for interactive users.
To ensure accountability and prevent unauthenticated access, interactive users must be identified and authenticated to prevent potential misuse and compromise of the system. Interactive users incl...Rule Medium Severity -
SLEM 5 must initiate a session lock after a 15-minute period of inactivity.
A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporar...Rule Medium Severity -
SLEM 5 must have policycoreutils package installed.
Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmwar...Rule Low Severity -
SLEM 5 must require reauthentication when using the "sudo" command.
Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, i...Rule Medium Severity -
SLEM 5 must specify the default "include" directory for the /etc/sudoers file.
The "sudo" command allows authorized users to run programs (including shells) as other users, system users, and root. The "/etc/sudoers" file is used to configure authorized "sudo" users as well as...Rule Medium Severity -
SLEM 5 must enforce passwords that contain at least one numeric character.
Use of a complex password helps increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting a...Rule Medium Severity -
SLEM 5 must not have accounts configured with blank or null passwords.
If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.Rule High Severity -
SLEM 5 must employ user passwords with a minimum lifetime of 24 hours (one day).
Enforcing a minimum password lifetime helps prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually ch...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.