Skip to content

PCI-DSS v3.2.1 Control Baseline for SUSE Linux enterprise 12

Rules and Groups employed by this XCCDF Profile

  • Set Deny For Failed Password Attempts

    The SUSE Linux Enterprise 12 operating system must lock an account after - at most - <xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xcc...
    Rule Medium Severity
  • Set Lockout Time for Failed Password Attempts using pam_tally2

    This rule configures the system to lock out accounts during a specified time period after a number of incorrect login attempts using <code>pam_tall...
    Rule Medium Severity
  • Set Password Hashing Algorithm

    The system's default algorithm for storing password hashes in /etc/shadow is SHA-512. This can be configured in several locations.
    Group
  • Set PAM's Common Authentication Hashing Algorithm

    The PAM system service can be configured to only store encrypted representations of passwords. In <code>/etc/pam.d/common-auth</code>, the <code>au...
    Rule Medium Severity
  • Set Password Hashing Algorithm in /etc/libuser.conf

    In <code>/etc/libuser.conf</code>, add or correct the following line in its <code>[defaults]</code> section to ensure the system will use the SHA-5...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules