CIS SUSE Linux Enterprise 15 Workstation L2 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS SUSE Linux Enterprise 15 Workstation L2 v1.0.0

Updated: 3/22/2022

Authority: CIS

Plugin: Unix

Revision: 1.4

Estimated Item Count: 136

File Details

Filename: CIS_SUSE_Linux_Enterprise_15_Workstation_v1.0.0_L2.audit

Size: 421 kB

MD5: 09bb5e40715bdca5f81fa98af4ec8e51

SHA256: c23dcd771a6d9eaa9879ad9f1a558223245487df0d3ee4987ec68db04311e1bb

Audit Items

Description	Categories
1.1.1.1 Ensure mounting of squashfs filesystems is disabled	CONFIGURATION MANAGEMENT
1.1.1.3 Ensure mounting of FAT filesystems is limited - EFI	CONFIGURATION MANAGEMENT
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod fat	CONFIGURATION MANAGEMENT
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod msdos	CONFIGURATION MANAGEMENT
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod vfat	CONFIGURATION MANAGEMENT
1.1.1.3 Ensure mounting of FAT filesystems is limited - modprobe fat	CONFIGURATION MANAGEMENT
1.1.1.3 Ensure mounting of FAT filesystems is limited - modprobe msdos	CONFIGURATION MANAGEMENT
1.1.1.3 Ensure mounting of FAT filesystems is limited - modprobe vfat	CONFIGURATION MANAGEMENT
1.1.10 Ensure separate partition exists for /var	CONFIGURATION MANAGEMENT
1.1.11 Ensure separate partition exists for /var/tmp	CONFIGURATION MANAGEMENT
1.1.15 Ensure separate partition exists for /var/log	CONFIGURATION MANAGEMENT
1.1.16 Ensure separate partition exists for /var/log/audit	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
1.1.17 Ensure separate partition exists for /home	CONFIGURATION MANAGEMENT
1.1.23 Disable Automounting
1.7.1.4 Ensure all AppArmor Profiles are enforcing	ACCESS CONTROL
1.7.1.4 Ensure all AppArmor Profiles are enforcing - profiles complain	ACCESS CONTROL
1.7.1.4 Ensure all AppArmor Profiles are enforcing - profiles loaded	ACCESS CONTROL
2.2.3 Ensure Avahi Server is not installed - avahi	CONFIGURATION MANAGEMENT
2.2.3 Ensure Avahi Server is not installed - avahi-autoipd	CONFIGURATION MANAGEMENT
3.1.1 Disable IPv6 - grub.cfg	SYSTEM AND INFORMATION INTEGRITY
3.1.1 Disable IPv6 - sysctl all disable_ipv6	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
3.1.1 Disable IPv6 - sysctl default disable_ipv6	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
3.1.1 Disable IPv6 - sysctl.conf all disable_ipv6	CONFIGURATION MANAGEMENT
3.1.1 Disable IPv6 - sysctl.conf default disable_ipv6	CONFIGURATION MANAGEMENT
3.1.2 Ensure wireless interfaces are disabled - interfaces	CONFIGURATION MANAGEMENT
3.1.2 Ensure wireless interfaces are disabled - iw list	CONFIGURATION MANAGEMENT
3.4.1 Ensure DCCP is disabled - lsmod	CONFIGURATION MANAGEMENT
3.4.1 Ensure DCCP is disabled - modprobe	CONFIGURATION MANAGEMENT
3.4.2 Ensure SCTP is disabled - lsmod	CONFIGURATION MANAGEMENT
3.4.2 Ensure SCTP is disabled - modprobe	CONFIGURATION MANAGEMENT
4.1.1.1 Ensure auditd is installed	CONFIGURATION MANAGEMENT
4.1.1.2 Ensure auditd service is enabled and running - enabled	AUDIT AND ACCOUNTABILITY
4.1.1.2 Ensure auditd service is enabled and running - running	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	SYSTEM AND INFORMATION INTEGRITY
4.1.2.1 Ensure audit log storage size is configured	AUDIT AND ACCOUNTABILITY
4.1.2.2 Ensure audit logs are not automatically deleted	AUDIT AND ACCOUNTABILITY
4.1.2.3 Ensure system is disabled when audit logs are full - action_mail_acct	AUDIT AND ACCOUNTABILITY
4.1.2.3 Ensure system is disabled when audit logs are full - admin_space_left_action	AUDIT AND ACCOUNTABILITY
4.1.2.3 Ensure system is disabled when audit logs are full - space_left_action	AUDIT AND ACCOUNTABILITY
4.1.2.4 Ensure audit_backlog_limit is sufficient	AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY
4.1.3 Ensure events that modify date and time information are collected - auditctl b32 /etc/localtime	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - auditctl b32 adjtimex	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - auditctl b32 clock_settime	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - auditctl b64 adjtimex	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - auditctl b64 clock_settime	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - b32 /etc/localtime	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - b32 adjtimex	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - b32 clock_settime	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - b64 adjtimex	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - b64 clock_settime	AUDIT AND ACCOUNTABILITY

Detections

Analytics

CIS SUSE Linux Enterprise 15 Workstation L2 v1.0.0

Warning! Audit Deprecated

Audit Details

File Details

Audit Items