Skip to content

I - Mission Critical Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000047-GPOS-00023

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system audit system must take appropriate action when the audit storage volume is full.

    &lt;VulnDiscussion&gt;It is critical that when the SUSE operating system is at risk of failing to process audit logs as required, it takes action t...
    Rule Medium Severity
  • SRG-OS-000342-GPOS-00133

    <GroupDescription></GroupDescription>
    Group
  • The audit-audispd-plugins must be installed on the SUSE operating system.

    &lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common...
    Rule Medium Severity
  • SRG-OS-000342-GPOS-00133

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system audit event multiplexor must be configured to use Kerberos.

    &lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Allowing devices and us...
    Rule Low Severity
  • SRG-OS-000342-GPOS-00133

    <GroupDescription></GroupDescription>
    Group
  • Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited.

    &lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common...
    Rule Low Severity
  • SRG-OS-000479-GPOS-00224

    <GroupDescription></GroupDescription>
    Group
  • The audit system must take appropriate action when the network cannot be used to off-load audit records.

    &lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common...
    Rule Medium Severity
  • SRG-OS-000479-GPOS-00224

    <GroupDescription></GroupDescription>
    Group
  • Audispd must take appropriate action when the SUSE operating system audit storage is full.

    &lt;VulnDiscussion&gt;Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common...
    Rule Medium Severity
  • SRG-OS-000057-GPOS-00027

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must protect audit rules from unauthorized modification.

    &lt;VulnDiscussion&gt;Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel ma...
    Rule Medium Severity
  • SRG-OS-000256-GPOS-00097

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system audit tools must have the proper permissions configured to protect against unauthorized access.

    &lt;VulnDiscussion&gt;Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefo...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must not disable syscall auditing.

    &lt;VulnDiscussion&gt;By default, the SUSE operating system includes the "-a task,never" audit rule as a default. This rule suppresses syscall audi...
    Rule Medium Severity
  • SRG-OS-000004-GPOS-00004

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

    &lt;VulnDiscussion&gt;Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestab...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules