No profile (default benchmark)
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000480-GPOS-00227
Group -
The SUSE operating system must not be performing Internet Protocol version 6 (IPv6) packet forwarding unless the system is a router.
Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unn...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The SUSE operating system must not be performing Internet Protocol version 6 (IPv6) packet forwarding by default unless the system is a router.
Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unn...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The SUSE operating system must specify the default "include" directory for the /etc/sudoers file.
The "sudo" command allows authorized users to run programs (including shells) as other users, system users, and root. The "/etc/sudoers" file is used to configure authorized "sudo" users as well as...Rule Medium Severity -
SRG-OS-000373-GPOS-00156
Group -
The SUSE operating system must not be configured to bypass password requirements for privilege escalation.
Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability,...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
The SUSE operating system must not have accounts configured with blank or null passwords.
If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.Rule High Severity -
SRG-OS-000037-GPOS-00015
Group -
The SUSE operating system must generate audit records for all uses of the unlink, unlinkat, rename, renameat and rmdir syscalls.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...Rule Medium Severity -
SRG-OS-000250-GPOS-00093
Group -
The SUSE operating system SSH server must be configured to use only FIPS-validated key exchange algorithms.
Without cryptographic integrity protections provided by FIPS-validated cryptographic algorithms, information can be viewed and altered by unauthorized users without detection. The system will atte...Rule Medium Severity -
SRG-OS-000138-GPOS-00069
Group -
The SUSE operating system must restrict access to the kernel message buffer.
Restricting access to the kernel message buffer limits access only to root. This prevents attackers from gaining additional system information as a nonprivileged user.Rule Low Severity -
SRG-OS-000363-GPOS-00150
Group -
The SUSE operating system must use a file integrity tool to verify correct operation of all security functions.
Without verification of the security functions, security functions may not operate correctly, and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmwa...Rule Medium Severity -
SRG-OS-000123-GPOS-00064
Group -
The SUSE operating system must automatically expire temporary accounts within 72 hours.
Temporary accounts are privileged or nonprivileged accounts that are established during pressing circumstances, such as new software or hardware configuration or an incident response, where the nee...Rule Medium Severity -
SRG-OS-000363-GPOS-00150
Group -
The SUSE operating system must be configured to allow sending email notifications of unauthorized configuration changes to designated personnel.
Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the operating system. Changes to operating system configuratio...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.