Skip to content

CIS SUSE Linux Enterprise 15 Benchmark for Level 1 - Server

Rules and Groups employed by this XCCDF Profile

  • Enable rsyslog Service

    The <code>rsyslog</code> service provides syslog-style logging by default on SUSE Linux Enterprise 15. The <code>rsyslog</code> service can be ena...
    Rule Medium Severity
  • Ensure Proper Configuration of Log Files

    The file <code>/etc/rsyslog.conf</code> controls where log message are written. These are controlled by lines called <i>rules</i>, which consist of...
    Group
  • Ensure Log Files Are Owned By Appropriate Group

    The group-owner of all log files written by <code>rsyslog</code> should be <code>root</code>. These log files are determined by the second part of ...
    Rule Medium Severity
  • Ensure Log Files Are Owned By Appropriate User

    The owner of all log files written by <code>rsyslog</code> should be <code>root</code>. These log files are determined by the second part of each...
    Rule Medium Severity
  • Ensure System Log Files Have Correct Permissions

    The file permissions for all log files written by <code>rsyslog</code> should be set to 640, or more restrictive. These log files are determined by...
    Rule Medium Severity
  • Ensure logging is configured

    The <code>/etc/rsyslog.conf</code> and <code>/etc/rsyslog.d/*.conf</code> files specifies rules for logging and which files are to be used to log c...
    Rule Medium Severity
  • systemd-journald

    systemd-journald is a system service that collects and stores logging data. It creates and maintains structured, indexed journals based on logging ...
    Group
  • Ensure journald is configured to compress large log files

    The journald system can compress large log files to avoid fill the system disk.
    Rule Medium Severity
  • Ensure journald is configured to send logs to rsyslog

    Data from journald may be stored in volatile memory or persisted locally. Utilities exist to accept remote export of journald logs.
    Rule Medium Severity
  • Ensure journald is configured to write log files to persistent disk

    The journald system may store log files in volatile memory or locally on disk. If the logs are only stored in volatile memory they will we lost upo...
    Rule Medium Severity
  • Ensure All Logs are Rotated by logrotate

    Edit the file <code>/etc/logrotate.d/syslog</code>. Find the first line, which should look like this (wrapped for clarity): <pre>/var/log/message...
    Group
  • Ensure logrotate is Installed

    logrotate is installed by default. The <code>logrotate</code> package can be installed with the following command: <pre> $ sudo zypper install logr...
    Rule Medium Severity
  • Ensure Logrotate Runs Periodically

    The <code>logrotate</code> utility allows for the automatic rotation of log files. The frequency of rotation is specified in <code>/etc/logrotate....
    Rule Medium Severity
  • Enable logrotate Timer

    The logrotate timer can be enabled with the following command:
    $ sudo systemctl enable logrotate.timer
    Rule Medium Severity
  • Rsyslog Logs Sent To Remote Host

    If system logs are to be useful in detecting malicious activities, it is necessary to send logs to a remote server. An intruder who has compromised...
    Group
  • Ensure Logs Sent To Remote Host

    To configure rsyslog to send logs to a remote log server, open <code>/etc/rsyslog.conf</code> and read and understand the last section of the file,...
    Rule Medium Severity
  • Network Configuration and Firewalls

    Most systems must be connected to a network of some sort, and this brings with it the substantial risk of network attack. This section discusses th...
    Group
  • firewalld

    The dynamic firewall daemon <code>firewalld</code> provides a dynamically managed firewall with support for network “zones” to assign a level of tr...
    Group
  • Configure Firewalld to Use the Nftables Backend

    Firewalld can be configured with many backends, such as nftables.
    Rule Medium Severity
  • Ensure network interfaces are assigned to appropriate zone

    Firewall zones define the trust level of network connections or interfaces. Note: Changing firewall settings while connected over network can resul...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules