Skip to content
Log In

III - Administrative Public

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • The SUSE operating system must not be performing Internet Protocol version 6 (IPv6) packet forwarding by default unless the system is a router.

    Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unn...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • The SUSE operating system must not have network interfaces in promiscuous mode unless approved and documented.

    Network interfaces in promiscuous mode allow for the capture of all network traffic visible to the system. If unauthorized individuals can access these applications, it may allow then to collect in...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • All SUSE operating system files and directories must have a valid owner.

    Unowned files and directories may be unintentionally inherited if a user is assigned the same User Identifier (UID) as the UID of the unowned files.
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • All SUSE operating system files and directories must have a valid group owner.

    Files without a valid group owner may be unintentionally inherited if a group is assigned the same Group Identifier (GID) as the GID of the files without a valid group owner.
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00228

    Group
    Show

  • The SUSE operating system default permissions must be defined in such a way that all authenticated users can only read and modify their own files.

    Setting the most restrictive default permissions ensures that when new accounts are created, they do not have unnecessary access.
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00229

    Group
    Show

  • The SUSE operating system must not allow unattended or automatic logon via the graphical user interface (GUI).

    Failure to restrict system access to authenticated users negatively impacts SUSE operating system security.
    Rule High Severity
    Show

  • SRG-OS-000480-GPOS-00229

    Group
    Show

  • The SUSE operating system must not allow unattended or automatic logon via SSH.

    Failure to restrict system access via SSH to authenticated users negatively impacts SUSE operating system security.
    Rule High Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • The SUSE operating system must specify the default "include" directory for the /etc/sudoers file.

    The "sudo" command allows authorized users to run programs (including shells) as other users, system users, and root. The "/etc/sudoers" file is used to configure authorized "sudo" users as well as...
    Rule Medium Severity
    Show

  • SRG-OS-000373-GPOS-00156

    Group
    Show

  • The SUSE operating system must not be configured to bypass password requirements for privilege escalation.

    Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability,...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • The SUSE operating system must not have accounts configured with blank or null passwords.

    If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.
    Rule High Severity
    Show

  • SRG-OS-000250-GPOS-00093

    Group
    Show

  • The SUSE operating system SSH server must be configured to use only FIPS-validated key exchange algorithms.

    Without cryptographic integrity protections provided by FIPS-validated cryptographic algorithms, information can be viewed and altered by unauthorized users without detection. The system will atte...
    Rule Medium Severity
    Show

  • SRG-OS-000138-GPOS-00069

    Group
    Show

  • The SUSE operating system must restrict access to the kernel message buffer.

    Restricting access to the kernel message buffer limits access only to root. This prevents attackers from gaining additional system information as a nonprivileged user.
    Rule Low Severity
    Show

  • SRG-OS-000363-GPOS-00150

    Group
    Show

  • The SUSE operating system must use a file integrity tool to verify correct operation of all security functions.

    Without verification of the security functions, security functions may not operate correctly, and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmwa...
    Rule Medium Severity
    Show

  • SRG-OS-000123-GPOS-00064

    Group
    Show

  • The SUSE operating system must automatically expire temporary accounts within 72 hours.

    Temporary accounts are privileged or nonprivileged accounts that are established during pressing circumstances, such as new software or hardware configuration or an incident response, where the nee...
    Rule Medium Severity
    Show

  • SRG-OS-000363-GPOS-00150

    Group
    Show

  • The SUSE operating system must be configured to allow sending email notifications of unauthorized configuration changes to designated personnel.

    Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the operating system. Changes to operating system configuratio...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules