Skip to content

III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must display the date and time of the last successful account logon upon logon.

    &lt;VulnDiscussion&gt;Providing users with feedback on when account accesses last occurred facilitates user recognition and reporting of unauthoriz...
    Rule Low Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must not have unnecessary accounts.

    &lt;VulnDiscussion&gt;Accounts providing no operational purpose provide additional opportunities for system compromise. Unnecessary accounts includ...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must not have unnecessary account capabilities.

    &lt;VulnDiscussion&gt;Accounts providing no operational purpose provide additional opportunities for system compromise. Therefore all necessary non...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system root account must be the only account with unrestricted access to the system.

    &lt;VulnDiscussion&gt;If an account other than root also has a User Identifier (UID) of "0", it has root authority, giving that account unrestricte...
    Rule High Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must restrict privilege elevation to authorized personnel.

    &lt;VulnDiscussion&gt;The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their pa...
    Rule Medium Severity
  • SRG-OS-000373-GPOS-00156

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must require reauthentication when using the "sudo" command.

    &lt;VulnDiscussion&gt;Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operat...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must use the invoking user's password for privilege escalation when using "sudo".

    &lt;VulnDiscussion&gt;The sudoers security policy requires that users authenticate themselves before they can use sudo. When sudoers requires authe...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • All SUSE operating system local interactive user accounts, upon creation, must be assigned a home directory.

    &lt;VulnDiscussion&gt;If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files th...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must display the date and time of the last successful account logon upon an SSH logon.

    &lt;VulnDiscussion&gt;Providing users with feedback on when account accesses via SSH last occurred facilitates user recognition and reporting of un...
    Rule Medium Severity
  • SRG-OS-000069-GPOS-00037

    <GroupDescription></GroupDescription>
    Group
  • The SUSE operating system must enforce passwords that contain at least one uppercase character.

    &lt;VulnDiscussion&gt;Use of a complex password helps increase the time and resources required to compromise the password. Password complexity, or ...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules