CIS SUSE Linux Enterprise 15 Benchmark Level 2 - Workstation
Rules and Groups employed by this XCCDF Profile
-
The Chrony package is installed
System time should be synchronized between all systems in an environment. This is typically done by establishing an authoritative time server or se...Rule Medium Severity -
Chrony Configure Pool and Server
<code>Chrony</code> is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks across a variety of s...Rule Medium Severity -
Ensure that chronyd is running under chrony user account
chrony is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks across a variety of systems and us...Rule Medium Severity -
Obsolete Services
This section discusses a number of network-visible services which have historically caused problems for system security, and for which disabling or...Group -
Uninstall rsync Package
The rsyncd service can be used to synchronize files between systems over network links. The <code>rsync</code> package can be removed with the foll...Rule Medium Severity -
Ensure rsyncd service is disabled
Thersyncdservice can be disabled with the following command:$ sudo systemctl mask --now rsyncd.service
Rule Medium Severity -
Xinetd
The <code>xinetd</code> service acts as a dedicated listener for some network services (mostly, obsolete ones) and can be used to provide access co...Group -
Uninstall tcpd Package
Thetcpdpackage can be removed with the following command:$ sudo zypper remove tcpd
Rule Low Severity -
Uninstall xinetd Package
Thexinetdpackage can be removed with the following command:$ sudo zypper remove xinetd
Rule Low Severity -
Disable xinetd Service
Thexinetdservice can be disabled with the following command:$ sudo systemctl mask --now xinetd.service
Rule Medium Severity -
NIS
The Network Information Service (NIS), also known as 'Yellow Pages' (YP), and its successor NIS+ have been made obsolete by Kerberos, LDAP, and oth...Group -
Remove NIS Client
The Network Information Service (NIS), formerly known as Yellow Pages, is a client-server directory service protocol used to distribute system conf...Rule Unknown Severity -
Uninstall ypserv Package
Theypservpackage can be removed with the following command:$ sudo zypper remove ypserv
Rule High Severity -
Rlogin, Rsh, and Rexec
The Berkeley r-commands are legacy services which allow cleartext remote access and have an insecure trust model.Group -
Uninstall rsh Package
Thershpackage contains the client commands for the rsh servicesRule Unknown Severity -
Chat/Messaging Services
The talk software makes it possible for users to send and receive messages across systems through a terminal session.Group -
Uninstall talk Package
The <code>talk</code> package contains the client program for the Internet talk protocol, which allows the user to chat with other users on differe...Rule Medium Severity -
Telnet
The telnet protocol does not provide confidentiality or integrity for information transmitted on the network. This includes authentication informat...Group -
Uninstall telnet-server Package
Thetelnet-serverpackage can be removed with the following command:$ sudo zypper remove telnet-server
Rule High Severity -
Remove telnet Clients
The telnet client allows users to start connections to other systems via the telnet protocol.Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules