Skip to content
ATO Pathways
  Log In

CIS SUSE Linux Enterprise 12 Benchmark for Level 1 - Server

Rules and Groups employed by this XCCDF Profile

  • Uninstall rsync Package

    The rsyncd service can be used to synchronize files between systems over network links. The <code>rsync</code> package can be removed with the foll...
    Rule Medium Severity
    Show

  • Ensure rsyncd service is disabled

    The rsyncd service can be disabled with the following command: 
    $ sudo systemctl mask --now rsyncd.service
    Rule Medium Severity
    Show

  • Xinetd

    The <code>xinetd</code> service acts as a dedicated listener for some network services (mostly, obsolete ones) and can be used to provide access co...
    Group
    Show

  • Uninstall tcpd Package

    The tcpd package can be removed with the following command: 
    $ sudo zypper remove tcpd
    Rule Low Severity
    Show

  • Uninstall xinetd Package

    The xinetd package can be removed with the following command: 
    $ sudo zypper remove xinetd
    Rule Low Severity
    Show

  • Disable xinetd Service

    The xinetd service can be disabled with the following command: 
    $ sudo systemctl mask --now xinetd.service
    Rule Medium Severity
    Show

  • NIS

    The Network Information Service (NIS), also known as 'Yellow Pages' (YP), and its successor NIS+ have been made obsolete by Kerberos, LDAP, and oth...
    Group
    Show

  • Remove NIS Client

    The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server directory service protocol used to distribute system conf...
    Rule Unknown Severity
    Show

  • Uninstall ypserv Package

    The ypserv package can be removed with the following command: 
    $ sudo zypper remove ypserv
    Rule High Severity
    Show

  • Rlogin, Rsh, and Rexec

    The Berkeley r-commands are legacy services which allow cleartext remote access and have an insecure trust model.
    Group
    Show

  • Uninstall rsh Package

    The rsh package contains the client commands for the rsh services
    Rule Unknown Severity
    Show

  • Chat/Messaging Services

    The talk software makes it possible for users to send and receive messages across systems through a terminal session.
    Group
    Show

  • Uninstall talk Package

    The <code>talk</code> package contains the client program for the Internet talk protocol, which allows the user to chat with other users on differe...
    Rule Medium Severity
    Show

  • Telnet

    The telnet protocol does not provide confidentiality or integrity for information transmitted on the network. This includes authentication informat...
    Group
    Show

  • Uninstall telnet-server Package

    The telnet-server package can be removed with the following command: 
    $ sudo zypper remove telnet-server
    Rule High Severity
    Show

  • Remove telnet Clients

    The telnet client allows users to start connections to other systems via the telnet protocol.
    Rule Low Severity
    Show

  • Print Support

    The Common Unix Printing System (CUPS) service provides both local and network printing support. A system running the CUPS service can accept print...
    Group
    Show

  • Uninstall CUPS Package

    The cups package can be removed with the following command: 
    $ sudo zypper remove cups
    Rule Unknown Severity
    Show

  • Disable the CUPS Service

    The cups service can be disabled with the following command: 
    $ sudo systemctl mask --now cups.service
    Rule Unknown Severity
    Show

  • Proxy Server

    A proxy server is a very desirable target for a potential adversary because much (or all) sensitive data for a given infrastructure may flow throug...
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules