Definition of General System Security Profile SUSE Linux Enterprise Micro (SLEM) 5 for slmicro5

based on not_publicly_available

SLEM-5-SET-01020000: Ensure /tmp Located On Separate Partition

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-01040000: Add nodev Option to /tmp

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-01050000: Add nosuid Option to /tmp

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-01060000: Configure /dev/shm

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-01070000: Add noexec Option to /dev/shm

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-01080000: Add nodev Option to /dev/shm

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-01090000: Add nosuid Option to /dev/shm

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-01100000: Ensure /var Located On Separate Partition

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-01160000: Ensure /var/log/audit Located On Separate Partition

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-01170000: Ensure /home Located On Separate Partition

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-01180000: Add nodev Option to /home

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-01190000: Add noexec Option to Removable Media Partitions

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-01200000: Add nodev Option to Removable Media Partitions

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-01210000: Add nosuid Option to Removable Media Partitions

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-01220000: Verify that All World-Writable Directories Have Sticky Bits Set

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-01240000: Disable Modprobe Loading of USB Storage Driver

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-02010000: Configure GPG keys

Description: None

Levels:

Automated: no

Selections:

SLEM-5-SET-02020000: Configure package manager repositories

Description: None

Levels:

Automated: no

Selections:

SLEM-5-SET-02030000: Ensure gpgcheck Enabled In Main zypper Configuration

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-03010000: Install sudo Package

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-03020000: Ensure Only Users Logged In To Real tty Can Execute Sudo - sudo use_pty

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-03030000: Ensure Sudo Logfile Exists - sudo logfile

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-03030000: Configure grub.cfg Group/User Ownership and Permissions

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-04010000: The AIDE package must be installed if it is to be available for integrity checking

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-04020000: Configure Systemd Timer Execution of AIDE

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-05010000: Set the Boot Loader Password

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-05030000: Require Authentication for Emergency and Single User mode

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-06020000: Enable NX/XD Support

Description: None

Levels:

Automated: partially

Selections:

SLEM-5-SET-06030000: Enable Randomized Layout of Virtual Address Space

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-08010100: Modify the System Message of the Day Banner

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-08010200: Modify the System Login Banner

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-08010300: Modify the System Login Banner for Remote Connections

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-08010400: Verify Ownership and Permissions of/on Message of the Day Banner

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-08010500: Verify Ownership and Permissions of/on System Login Banner

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-08010600: Verify Ownership and Permissions of/on System Login Banner for Remote Connections

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SET-09000000: Ensure Software Patches Installed

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-01010000: The xinetd package is uninstalled, and its service is disabled

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-02010100: The Chrony package is installed

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-02010300: Configure the Chrony

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-02030000: Uninstall Avahi Server

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-02040000: Uninstall CUPS

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-02050000: Uninstall DHCP Server

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-02060000: Uninstall openldap-servers

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-02070000: Uninstall nfs-utils

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-02080000: Uninstall rpcbind

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-02090000: Uninstall bind

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-02100000: Uninstall vsftpd

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-02120000: Uninstall dovecot (IMAP/POP3)

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-02130000: Uninstall samba

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-02150000: Uninstall net-snmp

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-02170000: Uninstall rsync

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-02190000: Uninstall telnet-server Package

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-03020000: Uninstall rsh

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-03030000: Uninstall talk

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SER-04000000: Uninstall nonessential services

Description: None

Levels:

Automated: no

No rules selected

SLEM-5-NET-01010000: Disable IPv6

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-01020000: Deactivate Wireless Network Interfaces

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-02010000: Disable IP Forwarding

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-02020000: Disable Packet Redirect Sending

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-03010000: Disable forwarding source-routed packets

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-03020000: Disable accepting Internet Control Message Protocol (ICMP) redirects

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-03030000: Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-03040000: Log suspicious packets on all IPv4 interfaces

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-03050000: Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-03060000: Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-03070000: Enable Reverse Path Filtering on all IPv4 Interfaces

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-03080000: Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-03090000: Disable Accepting Router Advertisements on all IPv6 Interfaces

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-04020000: Disable SCTP Support

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-05010100: Install firewalld

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-05010300: Verify firewalld Enabled

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-05010400: Set Default firewalld Zone for Incoming Packets

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-NET-05010500: Ensure firewalld network interfaces are assigned to appropriate zone

Description: None

Levels:

Automated: no

Selections:

SLEM-5-NET-05010600: Ensure firewalld Unnecessary Services and Ports Are Not Accepted

Description: None

Levels:

Automated: no

Selections:

SLEM-5-AUD-01010100: Ensure the audit Subsystem is Installed

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01010200: Enable auditd Service

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01020100: Configure auditd Max Log File Size

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01020200: Configure auditd max_log_file_action Upon Reaching Maximum Log Size

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01020300: Configure auditd actions on Low Disk Space

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01030000: Record attempts to modify the date and time

Description: None

Levels:

Automated: partially

Selections:

SLEM-5-AUD-01040000: Collect events that modify user/group information

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01050000: Record Events that Modify the System's Network Environment

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01060000: Record Events that Modify the System's Mandatory Access Control

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01060000: Collect login and logout events

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01080000: Record Attempts to Alter Process and Session Initiation Information

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01090000: Collect discretionary access control permission modification events

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01100000: Record Unsuccessful Access Attempts to Files - open

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01011000: Ensure auditd Collects Information on the Use of Privileged Commands

Description: None

Levels:

Automated: no

No rules selected

SLEM-5-AUD-01012000: Ensure auditd Collects Information on Exporting to Media (successful)

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01013000: Ensure auditd Collects File Deletion Events by Users

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01014000: Ensure auditd Collects System Administrator Actions

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01015000: Record Attempts to perform maintenance activities

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01016000: Collect kernel module loading and unloading

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-01017000: Make the auditd Configuration Immutable

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AUD-02010500: Configure systemd-journal-remote to send logs to a remote log host

Description: None

Levels:

Automated: no

Selections:

SLEM-5-AUD-02030000: Verify permissions of log files

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02010000: Verify Ownership and Permissions of/on SSH Server config file

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02020000: Verify Permissions on SSH Server Private *_key Key Files

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02030000: Verify Permissions on SSH Server Public *.pub Key Files

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02040000: Limit Users' SSH Access

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02050000: Set SSH Daemon LogLevel to VERBOSE

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02060000: Disable X11 Forwarding

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02070000: Set SSH authentication attempt limit

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02080000: Disable SSH Support for .rhosts Files

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02090000: Disable Host-Based Authentication

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02100000: Disable SSH Root Login

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02110000: Disable SSH Access via Empty Passwords

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02120000: Do Not Allow SSH Environment Options

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02130000: Use only strong Ciphers

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02140000: Use only strong MAC algorithms

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02150000: Use Only Strong Key Exchange algorithms

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02160000: Configure SSH Idle Timeout Interval

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02170000: Ensure SSH LoginGraceTime is configured

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02180000: Configure SSH warning banner

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02190000: Enable SSH PAM

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02200000: Disable SSH TCP Forwarding

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02210000: Ensure SSH MaxStartups is configured

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-02220000: Set SSH MaxSessions limit

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-03010000: Configure password creation requirements

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-03020000: Set Deny For Failed Password Attempts

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-03030000: Limit Password Reuse

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-04010100: Verify All Account Password Hashes are Shadowed with SHA512

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-04010200: Set Existing Passwords Maximum Age

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-04010300: Set Existing Passwords Minimum Age

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-04010400: Set and Apply Password Warning Age

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-04010500: Set Account Expiration Following Inactivity

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-04010600: Ensure all users' last password change date is in the past

Description: None

Levels:

Automated: partially

Selections:

SLEM-5-AAA-04020000: Ensure that System Accounts Do Not Run a Shell Upon Login

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-04030000: Verify Root Has A Primary GID 0

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-04040000: Set Interactive Session Timeout

Description: None

Levels:

Automated: partially

Selections:

SLEM-5-AAA-04050000: Ensure the Default Umask is Set Correctly in login.defs

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-05050000: Restrict direct and virtual console Root Logins

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-AAA-05060000: Enforce Usage of pam_wheel on the System for su Authentication

Description: None

Levels:

Automated: partially

Selections:

SLEM-5-SMA-01010000: Verify and Correct Ownership and File Permissions with RPM

Description: None

Levels:

Automated: no

No rules selected

SLEM-5-SMA-01020000: Configure permissions on /etc/passwd

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-01030000: Configure permissions on /etc/shadow

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-01040000: Configure permissions on /etc/group

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-01050000: Configure permissions on /etc/passwd-

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-01060000: Configure permissions on /etc/shadow-

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-01070000: Configure permissions on /etc/group-

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-01080000: Ensure No World-Writable Files Exist

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-01090000: Ensure All Files Are Owned by a User

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-01100000: Ensure All Files Are Owned by a Group

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-01110000: Ensure All SUID Executables Are Authorized

Description: None

Levels:

Automated: no

No rules selected

SLEM-5-SMA-01120000: Ensure All SGID Executables Are Authorized

Description: None

Levels:

Automated: no

No rules selected

SLEM-5-SMA-02010000: Verify All Account Password Hashes are Shadowed

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-02020000: Ensure there are no legacy NIS entries in /etc/passwd and /etc/shadow

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-02030000: Verify Only Root Has UID 0

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-02040000: Ensure Root's path Integrity

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-02050000: All Interactive Users Home Directories Must Exist

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-02060000: All Interactive User Home Directories Must Have mode 0750 Or Less Permissive

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-02070000: All Interactive User Home Directories Must Be Group-Owned By The Primary Group

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-02080000: User Initialization Files Must Not Run World-Writable Programs

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-02090000: Verify No .forward Files Exist

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-02100000: Verify No netrc Files Exist

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-02110000: Ensure users' .netrc Files are not group or world accessible

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-02120000: Remove Rsh Trust Files

Description: None

Levels:

Automated: no

No rules selected

SLEM-5-SMA-02130000: Ensure all GIDs referenced in /etc/passwd are defined in /etc/group

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-02140000: Ensure All Accounts on the System Have Unique User IDs

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-02150000: Ensure All Groups on the System Have Unique Group ID

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-02160000: Ensure All Accounts on the System Have Unique Names

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-02170000: Ensure All Groups on the System Have Unique Group Names

Description: None

Levels:

Automated: yes

Selections:

SLEM-5-SMA-02180000: Ensure shadow Group on the System is Empty

Description: None

Levels:

Automated: yes

Selections: