Skip to content

I - Mission Critical Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000077-GPOS-00045

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must employ a password history file.

    &lt;VulnDiscussion&gt;Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...
    Rule Medium Severity
  • SRG-OS-000077-GPOS-00045

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must not allow passwords to be reused for a minimum of five (5) generations.

    &lt;VulnDiscussion&gt;Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00225

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must prevent the use of dictionary words for passwords.

    &lt;VulnDiscussion&gt;If the SUSE operating system allows the user to select passwords based on dictionary words, this increases the chances of pas...
    Rule Medium Severity
  • SRG-OS-000123-GPOS-00064

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must never automatically remove or disable emergency administrator accounts.

    &lt;VulnDiscussion&gt;Emergency accounts are privileged accounts that are established in response to crisis situations where the need for rapid acc...
    Rule Medium Severity
  • SRG-OS-000118-GPOS-00060

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration.

    &lt;VulnDiscussion&gt;Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potenti...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00226

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.

    &lt;VulnDiscussion&gt;Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain acc...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00229

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must not allow unattended or automatic logon via the graphical user interface.

    &lt;VulnDiscussion&gt;Failure to restrict system access to authenticated users negatively impacts SUSE operating system security.&lt;/VulnDiscussio...
    Rule High Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must display the date and time of the last successful account logon upon logon.

    &lt;VulnDiscussion&gt;Providing users with feedback on when account accesses last occurred facilitates user recognition and reporting of unauthoriz...
    Rule Low Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • There must be no .shosts files on the SUSE operating system.

    &lt;VulnDiscussion&gt;The .shosts files are used to configure host-based authentication for individual users or the system via SSH. Host-based auth...
    Rule High Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • There must be no shosts.equiv files on the SUSE operating system.

    &lt;VulnDiscussion&gt;The shosts.equiv files are used to configure host-based authentication for the system via SSH. Host-based authentication is n...
    Rule High Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules