Detections
Analytics

CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0

Updated: 6/2/2021

Authority: CIS

Plugin: Unix

Revision: 1.24

Estimated Item Count: 273

Audit Changelog

 
Revision 1.24

Jun 2, 2021

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.23

Apr 8, 2021

Functional Update
  • 1.3.2 Ensure filesystem integrity is regularly checked
  • 3.6.2 Ensure default deny firewall policy - FORWARD
  • 3.6.2 Ensure default deny firewall policy - INPUT
  • 3.6.2 Ensure default deny firewall policy - OUTPUT
Miscellaneous
  • Metadata updated.
  • Platform check updated.
  • References updated.
Revision 1.22

Oct 14, 2020

Functional Update
  • 4.2.4 Ensure permissions on all logfiles are configured
Revision 1.21

Oct 5, 2020

Functional Update
  • 1.5.2 Ensure XD/NX support is enabled
  • 1.7.2 Ensure GDM login banner is configured - banner-message-enable
  • 1.7.2 Ensure GDM login banner is configured - banner-message-text
  • 1.7.2 Ensure GDM login banner is configured - file-db
  • 1.7.2 Ensure GDM login banner is configured - system-db
  • 1.7.2 Ensure GDM login banner is configured - user-db
  • 2.2.1.1 Ensure time synchronization is in use
  • 2.2.1.2 Ensure ntp is configured - ntp:ntp
  • 2.2.1.2 Ensure ntp is configured - restrict -4
  • 2.2.1.2 Ensure ntp is configured - restrict -6
  • 2.2.1.2 Ensure ntp is configured - server
  • 2.2.1.3 Ensure chrony is configured - options
  • 2.2.1.3 Ensure chrony is configured - server
  • 3.3.1 Ensure IPv6 router advertisements are not accepted - sysctl ipv6 all accept
  • 3.3.1 Ensure IPv6 router advertisements are not accepted - sysctl ipv6 default accept
  • 3.3.1 Ensure IPv6 router advertisements are not accepted - sysctl.conf ipv6 all accept
  • 3.3.1 Ensure IPv6 router advertisements are not accepted - sysctl.conf ipv6 default accept
  • 3.3.2 Ensure IPv6 redirects are not accepted - sysctl ipv6 all accept
  • 3.3.2 Ensure IPv6 redirects are not accepted - sysctl ipv6 default accept
  • 3.3.2 Ensure IPv6 redirects are not accepted - sysctl.conf ipv6 all accept
  • 3.3.2 Ensure IPv6 redirects are not accepted - sysctl.conf ipv6 default accept
  • 4.2.1.1 Ensure rsyslog Service is enabled
  • 4.2.1.2 ensure logging is configured - '*.*;mail.none;news.none -/var/log/messages'
  • 4.2.1.2 ensure logging is configured - '*.=warning;*.=err -/var/log/warn'
  • 4.2.1.2 ensure logging is configured - '*.crit /var/log/warn'
  • 4.2.1.2 ensure logging is configured - '*.emerg :omusrmsg:*'
  • 4.2.1.2 ensure logging is configured - 'local0,local1.* -/var/log/localmessages'
  • 4.2.1.2 ensure logging is configured - 'local2,local3.* -/var/log/localmessages'
  • 4.2.1.2 ensure logging is configured - 'local4,local5.* -/var/log/localmessages'
  • 4.2.1.2 ensure logging is configured - 'local6,local7.* -/var/log/localmessages'
  • 4.2.1.2 ensure logging is configured - 'mail.* -/var/log/mail'
  • 4.2.1.2 ensure logging is configured - 'mail.err /var/log/mail.err'
  • 4.2.1.2 ensure logging is configured - 'mail.info -/var/log/mail.info'
  • 4.2.1.2 ensure logging is configured - 'mail.warning -/var/log/mail.warn'
  • 4.2.1.2 ensure logging is configured - 'news.crit -/var/log/news/news.crit'
  • 4.2.1.2 ensure logging is configured - 'news.err -/var/log/news/news.err'
  • 4.2.1.2 ensure logging is configured - 'news.notice -/var/log/news/news.notice'
  • 4.2.1.3 Ensure rsyslog default file permissions configured - rsyslog.conf/rsyslog.d
  • 4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf/rsyslogd.
  • 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts - '$InputTCPServerRun 514' - rsyslog.conf/rsyslog.d
  • 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts - '$ModLoad imtcp.so' - rsyslog.conf/rsyslog.d
  • 4.2.2.1 Ensure syslog-ng service is enabled
  • 4.2.2.2 Ensure logging is configured
  • 4.2.2.3 Ensure syslog-ng default file permissions configured
  • 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'destination logserver'
  • 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'log'
  • 4.2.2.5 Ensure remote syslog-ng messages are only accepted on designated log hosts
  • 4.2.3 Ensure rsyslog or syslog-ng is installed
Miscellaneous
  • Platform check updated.
Revision 1.20

Sep 30, 2020

Functional Update
  • 6.2.10 Ensure users' dot files are not group or world writable
Revision 1.19

Sep 29, 2020

Miscellaneous
  • References updated.
Revision 1.18

Sep 16, 2020

Miscellaneous
  • Variables updated.
Revision 1.17

Aug 25, 2020

Functional Update
  • 5.4.1.1 Ensure password expiration is 365 days or less - users
Revision 1.16

Aug 13, 2020

Functional Update
  • 1.4.3 Ensure authentication required for single user mode - emergency
  • 1.4.3 Ensure authentication required for single user mode - rescue
  • 2.2.1.2 Ensure ntp is configured - restrict -4
  • 2.2.1.2 Ensure ntp is configured - restrict -6
  • 3.3.3 Ensure IPv6 is disabled
Revision 1.15

Aug 5, 2020

Functional Update
  • 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile.local /etc/profile.d/*.sh