DISA SLES 12 STIG v2r2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA SLES 12 STIG v2r2

Updated: 5/17/2022

Authority: Operating Systems and Applications

Plugin: Unix

Revision: 1.5

Estimated Item Count: 287

Audit Items

Description	Categories
DISA_STIG_SLES_12_v2r2.audit from DISA SLES 12 v2r2 STIG
SLES-12-010000 - The SUSE operating system must be a vendor-supported release.	CONFIGURATION MANAGEMENT
SLES-12-010010 - Vendor-packaged SUSE operating system security patches and updates must be installed and up to date.	SYSTEM AND INFORMATION INTEGRITY
SLES-12-010020 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface - filename	ACCESS CONTROL
SLES-12-010020 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface - text-info	ACCESS CONTROL
SLES-12-010020 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface - title	ACCESS CONTROL
SLES-12-010030 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access via local console.	ACCESS CONTROL
SLES-12-010040 - The SUSE operating system must display a banner before granting local or remote access to the system via a graphical user logon.	ACCESS CONTROL
SLES-12-010050 - The SUSE operating system must display the approved Standard Mandatory DoD Notice before granting local or remote access to the system via a graphical user logon.	ACCESS CONTROL
SLES-12-010060 - The SUSE operating system must be able to lock the graphical user interface (GUI).	ACCESS CONTROL
SLES-12-010070 - The SUSE operating system must utilize vlock to allow for session locking.	ACCESS CONTROL
SLES-12-010080 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity for the graphical user interface - GUI.	ACCESS CONTROL
SLES-12-010090 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity - export	ACCESS CONTROL
SLES-12-010090 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity - readonly	ACCESS CONTROL
SLES-12-010090 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity - TMOUT	ACCESS CONTROL
SLES-12-010100 - The SUSE operating system must conceal, via the session lock, information previously visible on the display with a publicly viewable image in the graphical user interface - GUI.	ACCESS CONTROL
SLES-12-010110 - The SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges - !authenticate	ACCESS CONTROL
SLES-12-010110 - The SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges - NOPASSWD	ACCESS CONTROL
SLES-12-010120 - The SUSE operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types.	ACCESS CONTROL
SLES-12-010130 - The SUSE operating system must lock an account after three consecutive invalid access attempts - common-account	ACCESS CONTROL
SLES-12-010130 - The SUSE operating system must lock an account after three consecutive invalid access attempts - common-auth	ACCESS CONTROL
SLES-12-010140 - The SUSE operating system must enforce a delay of at least four (4) seconds between logon prompts following a failed logon attempt.	ACCESS CONTROL
SLES-12-010150 - The SUSE operating system must enforce passwords that contain at least one upper-case character.	IDENTIFICATION AND AUTHENTICATION
SLES-12-010160 - The SUSE operating system must enforce passwords that contain at least one lower-case character.	IDENTIFICATION AND AUTHENTICATION
SLES-12-010170 - The SUSE operating system must enforce passwords that contain at least one numeric character.	IDENTIFICATION AND AUTHENTICATION
SLES-12-010180 - The SUSE operating system must enforce passwords that contain at least one special character.	IDENTIFICATION AND AUTHENTICATION
SLES-12-010190 - The SUSE operating system must require the change of at least eight (8) of the total number of characters when passwords are changed.	IDENTIFICATION AND AUTHENTICATION
SLES-12-010210 - The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs).	SYSTEM AND COMMUNICATIONS PROTECTION
SLES-12-010220 - The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords.	IDENTIFICATION AND AUTHENTICATION
SLES-12-010230 - The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords - nullok	IDENTIFICATION AND AUTHENTICATION
SLES-12-010230 - The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords - sha512	SYSTEM AND COMMUNICATIONS PROTECTION
SLES-12-010231 - The SUSE operating system must not be configured to allow blank or null passwords.	IDENTIFICATION AND AUTHENTICATION
SLES-12-010240 - The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords - SHA_CRYPT_MIN_ROUNDS	SYSTEM AND COMMUNICATIONS PROTECTION
SLES-12-010250 - The SUSE operating system must employ passwords with a minimum of 15 characters.	IDENTIFICATION AND AUTHENTICATION
SLES-12-010260 - The SUSE operating system must be configured to create or update passwords with a minimum lifetime of 24 hours (1 day).	IDENTIFICATION AND AUTHENTICATION
SLES-12-010270 - The SUSE operating system must employ user passwords with a minimum lifetime of 24 hours (1 day).	IDENTIFICATION AND AUTHENTICATION
SLES-12-010280 - The SUSE operating system must be configured to create or update passwords with a maximum lifetime of 60 days.	IDENTIFICATION AND AUTHENTICATION
SLES-12-010290 - The SUSE operating system must employ user passwords with a maximum lifetime of 60 days.	IDENTIFICATION AND AUTHENTICATION
SLES-12-010300 - The SUSE operating system must employ a password history file.	CONFIGURATION MANAGEMENT
SLES-12-010310 - The SUSE operating system must not allow passwords to be reused for a minimum of five (5) generations.	IDENTIFICATION AND AUTHENTICATION
SLES-12-010320 - The SUSE operating system must prevent the use of dictionary words for passwords.	ACCESS CONTROL
SLES-12-010330 - The SUSE operating system must never automatically remove or disable emergency administrator accounts.	ACCESS CONTROL
SLES-12-010340 - The SUSE operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration.	ACCESS CONTROL
SLES-12-010360 - The SUSE operating system must provision temporary accounts with an expiration date for 72 hours.
SLES-12-010370 - The SUSE operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.	CONFIGURATION MANAGEMENT
SLES-12-010380 - The SUSE operating system must not allow unattended or automatic logon via the graphical user interface - GUI.	IDENTIFICATION AND AUTHENTICATION
SLES-12-010390 - The SUSE operating system must display the date and time of the last successful account logon upon logon.	ACCESS CONTROL
SLES-12-010400 - There must be no .shosts files on the SUSE operating system.	CONFIGURATION MANAGEMENT
SLES-12-010410 - There must be no shosts.equiv files on the SUSE operating system.	CONFIGURATION MANAGEMENT
SLES-12-010420 - FIPS 140-2 mode must be enabled on the SUSE operating system.	SYSTEM AND COMMUNICATIONS PROTECTION

Detections

Analytics

DISA SLES 12 STIG v2r2

Warning! Audit Deprecated

Audit Details

Audit Items