Definition of DRAFT Basis System Security Profile SUSE Linux Enterprise 16 for sle16

SLES-16-16016700: SLE16 system should have system for checking its integrity

Description: None

Levels:

pcidss4

Automated: yes

Selections:

aide_build_database: Build and Test AIDE Database
aide_periodic_checking_systemd_timer: Configure Systemd Timer Execution of AIDE

SLES-16-16016500: Enable the selinuxuser_execmod SELinux Boolean in SLE16

Description: None

Levels:

hipaa

Automated: yes

Selections:

sebool_selinuxuser_execmod: Enable the selinuxuser_execmod SELinux Boolean

SLES-16-16016505: Enable service for audit logs in SLE16

Description: None

Levels:

hipaa

Automated: yes

Selections:

service_auditd_enabled: Enable auditd Service

SLES-16-16016510: Enable remote logging functionality in SLE16

Description: None

Levels:

hipaa

Automated: yes

Selections:

rsyslog_remote_loghost: Ensure Logs Sent To Remote Host

SLES-16-16016515: SLE16 system should capture invalid login access attempts

Description: None

Levels:

pcidss4

Automated: yes

Selections:

display_login_attempts: Ensure PAM Displays Last Logon/Access Notification

SLES-16-16016520: SLE16 system should audit syscalls

Description: None

Levels:

pcidss4

Automated: yes

Selections:

audit_rules_enable_syscall_auditing: Remove Default Configuration to Disable Syscall Auditing

SLES-16-16016525: SLE16 system should audit renameat2 syscalls

Description: None

Levels:

pcidss4
anssi_minimal
hipaa

Automated: yes

Selections:

audit_rules_file_deletion_events_renameat2: Ensure auditd Collects File Deletion Events by User - renameat2

SLES-16-16016530: SLE16 system should audit SELinux settings modifications

Description: None

Levels:

pcidss4
anssi_minimal

Automated: yes

Selections:

audit_rules_mac_modification_etc_selinux: Record Events that Modify the System's Mandatory Access Controls (/etc/selinux)

SLES-16-16016535: SLE16 system should record the computer node name in the audit events

Description: None

Levels:

pcidss4

Automated: yes

Selections:

auditd_name_format: Set type of computer node name logging in audit logs
var_auditd_name_format = fqd

SLES-16-16016540: SLE16 system should audit fchmodat2 syscalls

Description: None

Levels:

pcidss4
anssi_minimal
hipaa

Automated: yes

Selections:

audit_rules_dac_modification_fchmodat2: Record Events that Modify the System's Discretionary Access Controls - fchmodat2

SLES-16-16016400: Enable NX/XD Support

Description: None

Levels:

pcidss4

Automated: partially

Selections:

bios_enable_execution_restrictions: Enable NX or XD Support in the BIOS
install_PAE_kernel_on_x86-32: Install PAE Kernel on Supported 32-bit x86 Systems

SLES-16-16016005: SLES 16 must be a vendor-supported release.

Description: None

Levels:

pcidss4
anssi_minimal

Automated: yes

Selections:

installed_OS_is_vendor_supported: The Installed Operating System Is Vendor Supported

SLES-16-16016010: SLES 16 should restrict serial port root logins

Description: None

Levels:

hipaa

Automated: yes

Selections:

restrict_serial_port_logins: Restrict Serial Port Root Logins

SLES-16-16016100: Ensure All Files Are Owned by a Group

Description: None

Levels:

anssi_minimal

Automated: yes

Selections:

file_permissions_ungroupowned: Ensure All Files Are Owned by a Group

SLES-16-16016105: Ensure All Files Are Owned by a User

Description: None

Levels:

anssi_minimal

Automated: yes

Selections:

no_files_unowned_by_user: Ensure All Files Are Owned by a User