DISA STIG for SUSE Linux Enterprise Micro (SLEM) 5
Rules and Groups employed by this XCCDF Profile
-
Require Re-Authentication When Using the sudo Command
The sudo <code>timestamp_timeout</code> tag sets the amount of time sudo password prompt waits. The default <code>timestamp_timeout</code> value is...Rule Medium Severity -
The operating system must restrict privilege elevation to authorized personnel
The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their password and confirms yo...Rule Medium Severity -
Ensure sudo only includes the default configuration directory
Administrators can configure authorized <code>sudo</code> users via drop-in files, and it is possible to include other directories and configuratio...Rule Medium Severity -
Ensure invoking users password for privilege escalation when using sudo
The sudoers security policy requires that users authenticate themselves before they can use sudo. When sudoers requires authentication, it validate...Rule Medium Severity -
Updating Software
The <code>zypper</code> command line tool is used to install and update software packages. The system also provides a graphical software update too...Group -
Ensure zypper Removes Previous Package Versions
<code>zypper</code> should be configured to remove previous software components after new versions have been installed. To configure <code>zypper</...Rule Low Severity -
Ensure gpgcheck Enabled In Main zypper Configuration
The <code>gpgcheck</code> option controls whether RPM packages' signatures are always checked prior to installation. To configure zypper to check p...Rule High Severity -
Ensure Software Patches Installed
If the system is configured for online updates, invoking the following command will list available security updates: <pre>$ sudo zypper refresh &a...Rule Medium Severity -
Warning Banners for System Accesses
Each system should expose as little information about itself as possible. <br> <br> System banners, which are typically displayed just befor...Group -
Modify the System Login Banner
To configure the system login banner edit <code>/etc/issue</code>. Replace the default text with a message compliant with the local site policy or...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.