CIS SUSE Linux Enterprise 15 Benchmark for Level 1 - Workstation
Rules and Groups employed by this XCCDF Profile
-
Disable Core Dumps for All Users
To disable core dumps for all users, add the following line to <code>/etc/security/limits.conf</code>, or to a file within the <code>/etc/security/...Rule Medium Severity -
Disable Core Dumps for SUID programs
To set the runtime status of the <code>fs.suid_dumpable</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w fs.suid_dumpable=...Rule Medium Severity -
Enable ExecShield
ExecShield describes kernel features that provide protection against exploitation of memory corruption errors such as buffer overflows. These featu...Group -
Enable Randomized Layout of Virtual Address Space
To set the runtime status of the <code>kernel.randomize_va_space</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.r...Rule Medium Severity -
Enable Execute Disable (XD) or No Execute (NX) Support on x86 Systems
Recent processors in the x86 family support the ability to prevent code execution on a per memory page basis. Generically and on AMD processors, th...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules