Skip to content

PCI-DSS v4 Control Baseline for SUSE Linux enterprise 12

Rules and Groups employed by this XCCDF Profile

  • Install AIDE

    The aide package can be installed with the following command:
    $ sudo zypper install aide
    Rule Medium Severity
  • Build and Test AIDE Database

    Run the following command to generate a new database: <pre>$ sudo /usr/bin/aide --init</pre> By default, the database will be written to the file...
    Rule Medium Severity
  • Configure Periodic Execution of AIDE

    At a minimum, AIDE should be configured to run a weekly scan. To implement a daily execution of AIDE at 4:05am using cron, add the following line t...
    Rule Medium Severity
  • System Cryptographic Policies

    Linux has the capability to centrally configure cryptographic polices. The command <code>update-crypto-policies</code> is used to set the policy ap...
    Group
  • Configure Libreswan to use System Crypto Policy

    Crypto Policies provide a centralized control over crypto algorithms usage of many packages. Libreswan is supported by system crypto policy, but th...
    Rule High Severity
  • Configure OpenSSL library to use System Crypto Policy

    Crypto Policies provide a centralized control over crypto algorithms usage of many packages. OpenSSL is supported by crypto policy, but the OpenSSL...
    Rule Medium Severity
  • Configure SSH to use System Crypto Policy

    Crypto Policies provide a centralized control over crypto algorithms usage of many packages. SSH is supported by crypto policy, but the SSH configu...
    Rule Medium Severity
  • Endpoint Protection Software

    Endpoint protection security software that is not provided or supported by Red Hat can be installed to provide complementary or duplicative secur...
    Group
  • Install Intrusion Detection Software

    The base SUSE Linux Enterprise 12 platform already includes a sophisticated auditing system that can detect intruder activity, as well as SELinux, ...
    Rule High Severity
  • McAfee Endpoint Security Software

    In DoD environments, McAfee Host-based Security System (HBSS) and VirusScan Enterprise for Linux (VSEL) is required to be installed on all systems.
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules