PCI-DSS v4 Control Baseline for SUSE Linux enterprise 12
Rules and Groups employed by this XCCDF Profile
-
Set Deny For Failed Password Attempts
The SUSE Linux Enterprise 12 operating system must lock an account after - at most - <xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xcc...Rule Medium Severity -
Set Lockout Time for Failed Password Attempts using pam_tally2
This rule configures the system to lock out accounts during a specified time period after a number of incorrect login attempts using <code>pam_tall...Rule Medium Severity -
Set Password Hashing Algorithm
The system's default algorithm for storing password hashes in/etc/shadow
is SHA-512. This can be configured in several locations.Group -
Set PAM's Common Authentication Hashing Algorithm
The PAM system service can be configured to only store encrypted representations of passwords. In <code>/etc/pam.d/common-auth</code>, the <code>au...Rule Medium Severity -
Set Password Hashing Algorithm in /etc/libuser.conf
In <code>/etc/libuser.conf</code>, add or correct the following line in its <code>[defaults]</code> section to ensure the system will use the SHA-5...Rule Medium Severity -
Set Password Hashing Algorithm in /etc/login.defs
In <code>/etc/login.defs</code>, add or correct the following line to ensure the system will use <xccdf-1.2:sub idref="xccdf_org.ssgproject.content...Rule Medium Severity -
Set PAM''s Password Hashing Algorithm
The PAM system service can be configured to only store encrypted representations of passwords. In "/etc/pam.d/common-password", the <code>password<...Rule Medium Severity -
Protect Physical Console Access
It is impossible to fully protect a system from an attacker with physical access, so securing the space in which the system is located should be co...Group -
Configure Screen Locking
When a user must temporarily leave an account logged-in, screen locking should be employed to prevent passersby from abusing the account. User educ...Group -
Hardware Tokens for Authentication
The use of hardware tokens such as smart cards for system login provides stronger, two-factor authentication than using a username and password. I...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules