Skip to content

CIS SUSE Linux Enterprise 15 Benchmark for Level 1 - Workstation

Rules and Groups employed by this XCCDF Profile

  • Ensure that Root's Path Does Not Include World or Group-Writable Directories

    For each element in root's path, run:
    # ls -ld DIR
    and ensure that write permissions are disabled for group and other.
    Rule Medium Severity
  • Ensure that Root's Path Does Not Include Relative Paths or Null Directories

    Ensure that none of the directories in root's path is equal to a single <code>.</code> character, or that it contains any instances that lead to re...
    Rule Unknown Severity
  • Ensure that Users Have Sensible Umask Values

    The umask setting controls the default permissions for the creation of new files. With a default <code>umask</code> setting of 077, files and direc...
    Group
  • Ensure the Default Bash Umask is Set Correctly

    To ensure the default umask for users of the Bash shell is set properly, add or correct the <code>umask</code> setting in <code>/etc/bash.bashrc</c...
    Rule Medium Severity
  • Ensure the Default Umask is Set Correctly in login.defs

    To ensure the default umask controlled by <code>/etc/login.defs</code> is set properly, add or correct the <code>UMASK</code> setting in <code>/etc...
    Rule Medium Severity
  • Ensure the Default Umask is Set Correctly in /etc/profile

    To ensure the default umask controlled by <code>/etc/profile</code> is set properly, add or correct the <code>umask</code> setting in <code>/etc/pr...
    Rule Medium Severity
  • AppArmor

    Many security vulnerabilities result from bugs in trusted programs. A trusted program runs with privileges that attackers want to possess. The prog...
    Group
  • Install the pam_apparmor Package

    The pam_apparmor package can be installed with the following command:
    $ sudo zypper install pam_apparmor
    Rule Medium Severity
  • All AppArmor Profiles are in enforce or complain mode

    AppArmor profiles define what resources applications are able to access. To set all profiles to either <code>enforce</code> or <code>complain</code...
    Rule Medium Severity
  • Ensure AppArmor is Active and Configured

    Verify that the Apparmor tool is configured to control whitelisted applications and user home directory access control.<br><br> The <code>apparmor...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules