Detections
Analytics

CIS SUSE Linux Enterprise Server 12 L2 v3.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS SUSE Linux Enterprise Server 12 L2 v3.0.0

Updated: 8/23/2022

Authority: CIS

Plugin: Unix

Revision: 1.5

Estimated Item Count: 126

File Details

Filename: CIS_SUSE_Linux_Enterprise_Server_12_v3.0.0_L2.audit

Size: 378 kB

MD5: 3f4fb4b72aed7eaef62a40291f4cd9e8
SHA256: eb1225f2ff3b5460d21f11b49b2a52e86fa25d150fe6ba8a3b4afd0ffadd68f8

Audit Changelog

 
Revision 1.5

Aug 23, 2022

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.4

Apr 25, 2022

Miscellaneous
  • Metadata updated.
Revision 1.3

Apr 1, 2022

Informational Update
  • 1.1.1.1 Ensure mounting of squashfs filesystems is disabled
  • 1.1.10 Ensure separate partition exists for /var
  • 1.1.11 Ensure separate partition exists for /var/tmp
  • 1.1.15 Ensure separate partition exists for /var/log
  • 1.1.16 Ensure separate partition exists for /var/log/audit
  • 1.1.17 Ensure separate partition exists for /home
  • 1.6.1.4 Ensure all AppArmor Profiles are enforcing
  • 1.6.1.4 Ensure all AppArmor Profiles are enforcing - profiles complain
  • 1.6.1.4 Ensure all AppArmor Profiles are enforcing - profiles loaded
  • 3.1.1 Disable IPv6 - grub.cfg
  • 3.1.1 Disable IPv6 - sysctl all disable_ipv6
  • 3.1.1 Disable IPv6 - sysctl default disable_ipv6
  • 3.1.1 Disable IPv6 - sysctl.conf all disable_ipv6
  • 3.1.1 Disable IPv6 - sysctl.conf default disable_ipv6
  • 3.4.1 Ensure DCCP is disabled - lsmod
  • 3.4.1 Ensure DCCP is disabled - modprobe
  • 3.4.2 Ensure SCTP is disabled - lsmod
  • 3.4.2 Ensure SCTP is disabled - modprobe
  • 4.1.1.1 Ensure auditd is installed
  • 4.1.1.2 Ensure auditd service is enabled and running - enabled
  • 4.1.1.2 Ensure auditd service is enabled and running - running
  • 4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b32 EACCES
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b32 EPERM
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b64 EACCES
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b64 EPERM
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - b32 EACCES
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - b32 EPERM
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - b64 EACCES
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - b64 EPERM
  • 4.1.11 Ensure use of privileged commands is collected
  • 4.1.12 Ensure successful file system mounts are collected - 32b mount
  • 4.1.12 Ensure successful file system mounts are collected - auditctl 32b mount
  • 4.1.12 Ensure successful file system mounts are collected - auditctl b64 mount
  • 4.1.12 Ensure successful file system mounts are collected - b64 mount
  • 4.1.13 Ensure file deletion events by users are collected - auditctl b32 delete
  • 4.1.13 Ensure file deletion events by users are collected - auditctl b64 delete
  • 4.1.13 Ensure file deletion events by users are collected - b32 delete
  • 4.1.13 Ensure file deletion events by users are collected - b64 delete
  • 4.1.14 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoers
  • 4.1.14 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoers.d
  • 4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoers
  • 4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoers.d
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - auditctl b32 actions
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - auditctl b64 actions
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - b32 actions
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - b64 actions
  • 4.1.16 Ensure kernel module loading and unloading is collected - auditctl init_module, delete_module
  • 4.1.16 Ensure kernel module loading and unloading is collected - auditctl insmod
  • 4.1.16 Ensure kernel module loading and unloading is collected - auditctl modprobe
  • 4.1.16 Ensure kernel module loading and unloading is collected - auditctl rmmod
  • 4.1.16 Ensure kernel module loading and unloading is collected - init_module, delete_module
  • 4.1.16 Ensure kernel module loading and unloading is collected - insmod
  • 4.1.16 Ensure kernel module loading and unloading is collected - modprobe
  • 4.1.16 Ensure kernel module loading and unloading is collected - rmmod
  • 4.1.17 Ensure the audit configuration is immutable
  • 4.1.2.1 Ensure audit log storage size is configured
  • 4.1.2.2 Ensure audit logs are not automatically deleted
  • 4.1.2.3 Ensure system is disabled when audit logs are full - action_mail_acct
  • 4.1.2.3 Ensure system is disabled when audit logs are full - admin_space_left_action
  • 4.1.2.3 Ensure system is disabled when audit logs are full - space_left_action
  • 4.1.2.4 Ensure audit_backlog_limit is sufficient
  • 4.1.3 Ensure events that modify date and time information are collected - auditctl b32 /etc/localtime
  • 4.1.3 Ensure events that modify date and time information are collected - auditctl b32 adjtimex
  • 4.1.3 Ensure events that modify date and time information are collected - auditctl b32 clock_settime
  • 4.1.3 Ensure events that modify date and time information are collected - auditctl b64 adjtimex
  • 4.1.3 Ensure events that modify date and time information are collected - auditctl b64 clock_settime
  • 4.1.3 Ensure events that modify date and time information are collected - b32 /etc/localtime
  • 4.1.3 Ensure events that modify date and time information are collected - b32 adjtimex
  • 4.1.3 Ensure events that modify date and time information are collected - b32 clock_settime
  • 4.1.3 Ensure events that modify date and time information are collected - b64 adjtimex
  • 4.1.3 Ensure events that modify date and time information are collected - b64 clock_settime
  • 4.1.4 Ensure events that modify user/group information are collected - /etc/group
  • 4.1.4 Ensure events that modify user/group information are collected - /etc/gshadow
  • 4.1.4 Ensure events that modify user/group information are collected - /etc/passwd
  • 4.1.4 Ensure events that modify user/group information are collected - /etc/security/opasswd
  • 4.1.4 Ensure events that modify user/group information are collected - /etc/shadow
  • 4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/group
  • 4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/gshadow
  • 4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/passwd
  • 4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/security/opasswd
  • 4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/shadow
  • 4.1.5 Ensure events that modify the system's network environment are collected - /etc/hosts
  • 4.1.5 Ensure events that modify the system's network environment are collected - /etc/issue
  • 4.1.5 Ensure events that modify the system's network environment are collected - /etc/issue.net
  • 4.1.5 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network
  • 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/hosts
  • 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/issue
  • 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.net
  • 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/network
  • 4.1.5 Ensure events that modify the system's network environment are collected - auditctl b32 sethostname
  • 4.1.5 Ensure events that modify the system's network environment are collected - auditctl b64 sethostname
  • 4.1.5 Ensure events that modify the system's network environment are collected - b32 sethostname
  • 4.1.5 Ensure events that modify the system's network environment are collected - b64 sethostname
  • 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/selinux
  • 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - /usr/share/selinux
  • 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/selinux
  • 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /usr/share/selinux
  • 4.1.7 Ensure login and logout events are collected - /var/log/faillog
  • 4.1.7 Ensure login and logout events are collected - /var/log/lastlog
  • 4.1.7 Ensure login and logout events are collected - /var/log/tallylog
  • 4.1.7 Ensure login and logout events are collected - auditctl /var/log/faillog
  • 4.1.7 Ensure login and logout events are collected - auditctl /var/log/lastlog
  • 4.1.7 Ensure login and logout events are collected - auditctl /var/log/tallylog
  • 4.1.8 Ensure session initiation information is collected - /var/log/btmp
  • 4.1.8 Ensure session initiation information is collected - /var/log/wtmp
  • 4.1.8 Ensure session initiation information is collected - /var/run/utmp
  • 4.1.8 Ensure session initiation information is collected - auditctl /var/log/btmp
  • 4.1.8 Ensure session initiation information is collected - auditctl /var/log/wtmp
  • 4.1.8 Ensure session initiation information is collected - auditctl /var/run/utmp
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b32 chmod
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b32 chown
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b32 xattr
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b64 chmod
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b64 chown
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b64 xattr
  • 4.1.9 Ensure discretionary access control permission modification events are collected - b32 chmod
  • 4.1.9 Ensure discretionary access control permission modification events are collected - b32 chown
  • 4.1.9 Ensure discretionary access control permission modification events are collected - b32 xattr
  • 4.1.9 Ensure discretionary access control permission modification events are collected - b64 chmod
  • 4.1.9 Ensure discretionary access control permission modification events are collected - b64 chown
  • 4.1.9 Ensure discretionary access control permission modification events are collected - b64 xattr
  • 5.3.21 Ensure SSH AllowTcpForwarding is disabled
  • 5.3.7 Ensure SSH X11 forwarding is disabled
Miscellaneous
  • References updated.
Revision 1.2

Mar 29, 2022

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.1

Jun 17, 2021

Miscellaneous
  • Metadata updated.
  • References updated.