Skip to content
Log In

Hardening for Public Cloud Image of SUSE Linux Enterprise Server (SLES) for SAP Applications 15

Rules and Groups employed by this XCCDF Profile

  • Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty

    The sudo <code>use_pty</code> tag, when specified, will only execute sudo commands from users logged in to a real tty. This should be enabled by making sure that the <code>use_pty</code> tag exists...
    Rule Medium Severity
    Show

  • Ensure Sudo Logfile Exists - sudo logfile

    A custom log sudo file can be configured with the 'logfile' tag. This rule configures a sudo custom logfile at the default location suggested by CIS, which uses /var/log/sudo.log.
    Rule Low Severity
    Show

  • Updating Software

    The <code>zypper</code> command line tool is used to install and update software packages. The system also provides a graphical software update tool in the <b>System</b> menu, in the <b>Administrat...
    Group
    Show

  • Ensure gpgcheck Enabled In Main zypper Configuration

    The <code>gpgcheck</code> option controls whether RPM packages' signatures are always checked prior to installation. To configure zypper to check package signatures before installing them, ensure t...
    Rule High Severity
    Show

  • Account and Access Control

    In traditional Unix security, if an attacker gains shell access to a certain login account, they can perform any action or access any file to which that account has access. Therefore, making it mor...
    Group
    Show

  • Warning Banners for System Accesses

    Each system should expose as little information about itself as possible. <br> <br> System banners, which are typically displayed just before a login prompt, give out information about the s...
    Group
    Show

  • Modify the System Login Banner

    To configure the system login banner edit <code>/etc/issue</code>. Replace the default text with a message compliant with the local site policy or a legal disclaimer. The DoD required text is ei...
    Rule Medium Severity
    Show

  • Modify the System Login Banner for Remote Connections

    To configure the system login banner edit <code>/etc/issue.net</code>. Replace the default text with a message compliant with the local site policy or a legal disclaimer. The DoD required text is ...
    Rule Medium Severity
    Show

  • Modify the System Message of the Day Banner

    To configure the system message banner edit <code>/etc/motd</code>. Replace the default text with a message compliant with the local site policy or a legal disclaimer. The DoD required text is eit...
    Rule Medium Severity
    Show

  • Verify Group Ownership of System Login Banner

    To properly set the group owner of /etc/issue, run the command: 
    $ sudo chgrp root /etc/issue
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules