DISA_STIG_SLES_15_v2r2.audit from DISA SUSE Linux Enterprise Server 15 v2r2 STIG | |
SLES-15-010000 - The SUSE operating system must be a vendor-supported release. | SYSTEM AND INFORMATION INTEGRITY |
SLES-15-010010 - Vendor-packaged SUSE operating system security patches and updates must be installed and up to date. | SYSTEM AND INFORMATION INTEGRITY |
SLES-15-010020 - The SUSE operating system must display the Standard Mandatory DOD Notice and Consent Banner before granting access via local console. | ACCESS CONTROL |
SLES-15-010030 - The SUSE operating system must not have the vsftpd package installed if not required for operational support. | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
SLES-15-010040 - The SUSE operating system must display the Standard Mandatory DOD Notice and Consent Banner before granting access via SSH. | ACCESS CONTROL |
SLES-15-010050 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface (GUI) - GUI. | ACCESS CONTROL |
SLES-15-010050 - The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface (GUI). | ACCESS CONTROL |
SLES-15-010060 - The SUSE operating system file /etc/gdm/banner must contain the Standard Mandatory DoD Notice and Consent banner text. | ACCESS CONTROL |
SLES-15-010080 - The SUSE operating system must display a banner before granting local or remote access to the system via a graphical user logon. | ACCESS CONTROL |
SLES-15-010090 - The SUSE operating system must display the approved Standard Mandatory DoD Notice before granting local or remote access to the system via a graphical user logon. | ACCESS CONTROL |
SLES-15-010100 - The SUSE operating system must be able to lock the graphical user interface (GUI). | ACCESS CONTROL |
SLES-15-010110 - The SUSE operating system must utilize vlock to allow for session locking. | ACCESS CONTROL |
SLES-15-010120 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity for the graphical user interface (GUI). | ACCESS CONTROL |
SLES-15-010130 - The SUSE operating system must initiate a session lock after a 10-minute period of inactivity. | ACCESS CONTROL |
SLES-15-010140 - The SUSE operating system must conceal, via the session lock, information previously visible on the display with a publicly viewable image in the graphical user interface (GUI). | ACCESS CONTROL |
SLES-15-010150 - The SUSE operating system must log SSH connection attempts and failures to the server. | ACCESS CONTROL |
SLES-15-010160 - The SUSE operating system must implement DOD-approved encryption to protect the confidentiality of SSH remote connections. | ACCESS CONTROL |
SLES-15-010170 - The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. | IDENTIFICATION AND AUTHENTICATION |
SLES-15-010180 - The SUSE operating system must not have the telnet-server package installed. | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
SLES-15-010190 - SUSE operating systems with a basic input/output system (BIOS) must require authentication upon booting into single-user and maintenance modes. | ACCESS CONTROL |
SLES-15-010200 - SUSE operating systems with Unified Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance. | ACCESS CONTROL |
SLES-15-010220 - The SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
SLES-15-010230 - The SUSE operating system must not have duplicate User IDs (UIDs) for interactive users. | IDENTIFICATION AND AUTHENTICATION |
SLES-15-010240 - The SUSE operating system must disable the file system automounter unless required. | IDENTIFICATION AND AUTHENTICATION |
SLES-15-010260 - The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs). | IDENTIFICATION AND AUTHENTICATION |
SLES-15-010270 - The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | ACCESS CONTROL, MAINTENANCE |
SLES-15-010280 - The SUSE operating system SSH daemon must be configured with a timeout interval. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
SLES-15-010300 - The sticky bit must be set on all SUSE operating system world-writable directories. | SYSTEM AND COMMUNICATIONS PROTECTION |
SLES-15-010310 - The SUSE operating system must be configured to use TCP syncookies. | SYSTEM AND COMMUNICATIONS PROTECTION |
SLES-15-010320 - The SUSE operating system for all network connections associated with SSH traffic must immediately terminate at the end of the session or after 10 minutes of inactivity. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
SLES-15-010330 - All SUSE operating system persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection. | SYSTEM AND COMMUNICATIONS PROTECTION |
SLES-15-010340 - The SUSE operating system must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. | SYSTEM AND INFORMATION INTEGRITY |
SLES-15-010350 - The SUSE operating system must prevent unauthorized users from accessing system error messages. | SYSTEM AND INFORMATION INTEGRITY |
SLES-15-010351 - The SUSE operating system library files must have mode 0755 or less permissive. | CONFIGURATION MANAGEMENT |
SLES-15-010352 - The SUSE operating system library directories must have mode 0755 or less permissive. | CONFIGURATION MANAGEMENT |
SLES-15-010353 - The SUSE operating system library files must be owned by root. | CONFIGURATION MANAGEMENT |
SLES-15-010354 - The SUSE operating system library directories must be owned by root. | CONFIGURATION MANAGEMENT |
SLES-15-010355 - The SUSE operating system library files must be group-owned by root. | CONFIGURATION MANAGEMENT |
SLES-15-010356 - The SUSE operating system library directories must be group-owned by root. | CONFIGURATION MANAGEMENT |
SLES-15-010357 - The SUSE operating system must have system commands set to a mode of 0755 or less permissive. | CONFIGURATION MANAGEMENT |
SLES-15-010358 - The SUSE operating system must have directories that contain system commands set to a mode of 0755 or less permissive. | CONFIGURATION MANAGEMENT |
SLES-15-010359 - The SUSE operating system must have system commands owned by root. | CONFIGURATION MANAGEMENT |
SLES-15-010360 - The SUSE operating system must have directories that contain system commands owned by root. | CONFIGURATION MANAGEMENT |
SLES-15-010361 - The SUSE operating system must have system commands group-owned by root or a system account. | CONFIGURATION MANAGEMENT |
SLES-15-010362 - The SUSE operating system must have directories that contain system commands group-owned by root. | CONFIGURATION MANAGEMENT |
SLES-15-010370 - The SUSE operating system must have a firewall system installed to immediately disconnect or disable remote access to the whole operating system. | ACCESS CONTROL |
SLES-15-010375 - The SUSE operating system must restrict access to the kernel message buffer. | SYSTEM AND COMMUNICATIONS PROTECTION |
SLES-15-010380 - The SUSE operating system wireless network adapters must be disabled unless approved and documented. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
SLES-15-010390 - SUSE operating system AppArmor tool must be configured to control whitelisted applications and user home directory access control. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |