SLES 12 STIG SCAP Benchmark
- RMF Control
- SI-2
- Severity
- H
- CCI
- CCI-001230
- Version
- SLES-12-010000
- Vuln IDs
- V-217101
- Rule IDs
- SV-217101r991589_rule
Fix: F-18327r369460_fix
Upgrade the SUSE operating system to a version supported by the vendor. If the system is not registered with the SUSE Customer Center, register the system against the correct subscription. If the system requires Long-Term Service Pack Support (LTSS), obtain the correct LTSS subscription for the system.
- RMF Control
- AC-11
- Severity
- L
- CCI
- CCI-000060
- Version
- SLES-12-010070
- Vuln IDs
- V-217108
- Rule IDs
- SV-217108r1015204_rule
Fix: F-36320r602673_fix
Allow users to lock the console by installing the "kbd" package using zypper: # sudo zypper install kbd
- RMF Control
- IA-11
- Severity
- H
- CCI
- CCI-002038
- Version
- SLES-12-010110
- Vuln IDs
- V-217112
- Rule IDs
- SV-217112r1015205_rule
Fix: F-18338r369493_fix
Configure the SUSE operating system to remove any occurrence of "NOPASSWD" or "!authenticate" found in the "/etc/sudoers" file. If the system does not use passwords for authentication, the "NOPASSWD" tag may exist in the file.
- RMF Control
- AC-10
- Severity
- L
- CCI
- CCI-000054
- Version
- SLES-12-010120
- Vuln IDs
- V-217113
- Rule IDs
- SV-217113r958398_rule
Fix: F-18339r902833_fix
Configure the SUSE operating system to limit the number of concurrent sessions to 10 or less for all accounts and/or account types. Add the following line to "/etc/security/limits.conf" or /etc/security/limits.d/*.conf file: * hard maxlogins 10
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-010140
- Vuln IDs
- V-217116
- Rule IDs
- SV-217116r991588_rule
Fix: F-18342r369505_fix
Configure the SUSE operating system to enforce a delay of at least four (4) seconds between logon prompts following a failed logon attempt. Add or update the following variable in "/etc/login.defs" to match the line below ("FAIL_DELAY" must have a value of "4" or higher): FAIL_DELAY 4
- RMF Control
- IA-7
- Severity
- M
- CCI
- CCI-000803
- Version
- SLES-12-010210
- Vuln IDs
- V-217122
- Rule IDs
- SV-217122r971535_rule
Fix: F-18348r646688_fix
Configure the SUSE operating system to require "ENCRYPT_METHOD" of "SHA512". Edit the "/etc/login.defs" file with the following line: ENCRYPT_METHOD SHA512
- RMF Control
- IA-7
- Severity
- M
- CCI
- CCI-000803
- Version
- SLES-12-010220
- Vuln IDs
- V-217123
- Rule IDs
- SV-217123r1015211_rule
Fix: F-18349r646691_fix
Configure the SUSE operating system to encrypt all stored passwords with a strong cryptographic hash. Edit/modify the following line in the "/etc/login.defs" file and set "ENCRYPT_METHOD" to have a value of "SHA512".

    ENCRYPT_METHOD SHA512

Lock all interactive user accounts not using SHA512 hashing until the passwords can be regenerated.
- RMF Control
- IA-7
- Severity
- M
- CCI
- CCI-000803
- Version
- SLES-12-010240
- Vuln IDs
- V-217126
- Rule IDs
- SV-217126r1015213_rule
Fix: F-18352r369535_fix
Configure the SUSE operating system to encrypt all stored passwords with a strong cryptographic hash. Edit/modify the following line in the "/etc/login.defs" file and set "SHA_CRYPT_MIN_ROUNDS" to a value no lower than "5000": SHA_CRYPT_MIN_ROUNDS 5000
- RMF Control
- IA-5
- Severity
- M
- CCI
- CCI-000198
- Version
- SLES-12-010260
- Vuln IDs
- V-217128
- Rule IDs
- SV-217128r1015215_rule
Fix: F-18354r646694_fix
Configure the SUSE operating system to enforce 24 hours/one day or greater as the minimum password age. Edit the file "/etc/login.defs" and add or correct the following line. Replace [DAYS] with the appropriate amount of days: PASS_MIN_DAYS [DAYS] The DoD requirement is "1" but a greater value is acceptable.
- RMF Control
- IA-5
- Severity
- M
- CCI
- CCI-000198
- Version
- SLES-12-010270
- Vuln IDs
- V-217129
- Rule IDs
- SV-217129r1015216_rule
Fix: F-18355r646697_fix
Configure the SUSE operating system to enforce 24 hours/one day or greater as the minimum password age for user accounts. Change the minimum time period between password changes for each [USER] account to "1" day with the command, replacing [USER] with the user account that must be changed: > sudo passwd -n 1 [USER]
- RMF Control
- IA-5
- Severity
- M
- CCI
- CCI-000199
- Version
- SLES-12-010280
- Vuln IDs
- V-217130
- Rule IDs
- SV-217130r1015217_rule
Fix: F-18356r646700_fix
Configure the SUSE operating system to enforce a maximum password age of 60 days or less. Edit the file "/etc/login.defs" and add or correct the following line. Replace [DAYS] with the appropriate amount of days: PASS_MAX_DAYS [DAYS] The DoD requirement is 60 days or less (greater than zero, as zero days will lock the account immediately).
- RMF Control
- IA-5
- Severity
- M
- CCI
- CCI-000199
- Version
- SLES-12-010290
- Vuln IDs
- V-217131
- Rule IDs
- SV-217131r1015218_rule
Fix: F-18357r646703_fix
Configure the SUSE operating system to enforce a maximum password age of each [USER] account to 60 days. The command in the check text will give a list of users that need to be updated to be in compliance: > sudo passwd -x 60 [USER] The DoD requirement is 60 days.
- RMF Control
- CM-6
- Severity
- H
- CCI
- CCI-000366
- Version
- SLES-12-010380
- Vuln IDs
- V-217139
- Rule IDs
- SV-217139r991591_rule
Fix: F-18365r646706_fix
Note: If a graphical user interface is not installed, this requirement is Not Applicable. Configure the SUSE operating system graphical user interface to not allow unattended or automatic logon to the system. Add or edit the following lines in the "/etc/sysconfig/displaymanager" configuration file:

    DISPLAYMANAGER_AUTOLOGIN=""
    DISPLAYMANAGER_PASSWORD_LESS_LOGIN="no"
- RMF Control
- CM-6
- Severity
- H
- CCI
- CCI-000366
- Version
- SLES-12-010400
- Vuln IDs
- V-217141
- Rule IDs
- SV-217141r991589_rule
Fix: F-18367r369580_fix
Remove any ".shosts" files found on the SUSE operating system. # rm /[path]/[to]/[file]/.shosts
- RMF Control
- CM-6
- Severity
- H
- CCI
- CCI-000366
- Version
- SLES-12-010410
- Vuln IDs
- V-217142
- Rule IDs
- SV-217142r991589_rule
Fix: F-18368r369583_fix
Remove any "shosts.equiv" files found on the SUSE operating system. # rm /[path]/[to]/[file]/shosts.equiv
- RMF Control
- SC-13
- Severity
- M
- CCI
- CCI-002450
- Version
- SLES-12-010420
- Vuln IDs
- V-217143
- Rule IDs
- SV-217143r959006_rule
Fix: F-18369r369586_fix
To configure the SUSE operating system to run in FIPS mode, add "fips=1" to the kernel parameter during the SUSE operating system install. Enabling FIPS mode on a preexisting system involves a number of modifications to the SUSE operating system. Refer to section 9.1, "Crypto Officer Guidance", of the following document for installation guidance: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2435.pdf
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-010620
- Vuln IDs
- V-217161
- Rule IDs
- SV-217161r991590_rule
Fix: F-18387r369640_fix
Configure the SUSE operating system to define the default permissions for all authenticated users in such a way that the users can only read and modify their own files. Add or edit the "UMASK" parameter in the "/etc/login.defs" file to match the example below: UMASK 077
- RMF Control
- CM-6
- Severity
- H
- CCI
- CCI-000366
- Version
- SLES-12-010650
- Vuln IDs
- V-217164
- Rule IDs
- SV-217164r991589_rule
Fix: F-18390r369649_fix
Change the UID of any account on the SUSE operating system, other than the root account, that has a UID of "0". If the account is associated with system commands or applications, the UID should be changed to one greater than "0" but less than "1000". Otherwise, assign a UID of greater than "1000" that has not already been assigned.
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-010720
- Vuln IDs
- V-217171
- Rule IDs
- SV-217171r991589_rule
Fix: F-18397r369670_fix
Configure the SUSE operating system to assign home directories to all new local interactive users by setting the "CREATE_HOME" parameter in "/etc/login.defs" to "yes" as follows. CREATE_HOME yes
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-010810
- Vuln IDs
- V-217180
- Rule IDs
- SV-217180r991589_rule
Fix: F-18406r369697_fix
Configure the SUSE operating system "/etc/fstab" file to use the "nosuid" option on file systems that are being exported via NFS.
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-010820
- Vuln IDs
- V-217181
- Rule IDs
- SV-217181r991589_rule
Fix: F-18407r369700_fix
Configure the SUSE operating system "/etc/fstab" file to use the "noexec" option on file systems that are being exported via NFS.
- RMF Control
- CM-6
- Severity
- L
- CCI
- CCI-000366
- Version
- SLES-12-010860
- Vuln IDs
- V-217185
- Rule IDs
- SV-217185r991589_rule
Fix: F-18411r369712_fix
Create a separate file system/partition on the SUSE operating system for "/var". Migrate "/var" onto the separate file system/partition.
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SLES-12-020000
- Vuln IDs
- V-217190
- Rule IDs
- SV-217190r1015221_rule
Fix: F-18416r369727_fix
The SUSE operating system auditd package must be installed on the system. If it is not installed, use the following command to install it: # sudo zypper in auditd
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-020010
- Vuln IDs
- V-217191
- Rule IDs
- SV-217191r958412_rule
Fix: F-18417r369730_fix
Enable the SUSE operating system auditd service by performing the following commands:

    # sudo systemctl enable auditd.service
    # sudo systemctl start auditd.service
- RMF Control
- AU-4
- Severity
- M
- CCI
- CCI-001851
- Version
- SLES-12-020070
- Vuln IDs
- V-217197
- Rule IDs
- SV-217197r958754_rule
Fix: F-18423r369748_fix
Install the "audit-audispd-plugins" package on the SUSE operating system by running the following command:

    # sudo zypper install audit-audispd-plugins

In /etc/audisp/plugins.d/au-remote.conf, change the value of "active" to "yes", or add "active = yes" if no such setting exists in the file.
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-001403
- Version
- SLES-12-020200
- Vuln IDs
- V-217205
- Rule IDs
- SV-217205r1015222_rule
Fix: F-18431r369772_fix
Configure the SUSE operating system to generate an audit record when all modifications to the "/etc/passwd" file occur. Add or update the following rule to "/etc/audit/rules.d/audit.rules": -w /etc/passwd -p wa -k account_mod The audit daemon must be restarted for any changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-000018
- Version
- SLES-12-020210
- Vuln IDs
- V-217206
- Rule IDs
- SV-217206r1015223_rule
Fix: F-18432r369775_fix
Configure the SUSE operating system to generate an audit record when all modifications to the "/etc/group" file occur. Add or update the following rule to "/etc/audit/rules.d/audit.rules": -w /etc/group -p wa -k account_mod The audit daemon must be restarted for any changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-001403
- Version
- SLES-12-020220
- Vuln IDs
- V-217207
- Rule IDs
- SV-217207r1015224_rule
Fix: F-18433r369778_fix
Configure the SUSE operating system to generate an audit record when all modifications to the "/etc/shadow" file occur. Add or update the following rule to "/etc/audit/rules.d/audit.rules": -w /etc/shadow -p wa -k account_mod The audit daemon must be restarted for any changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AC-2
- Severity
- M
- CCI
- CCI-000018
- Version
- SLES-12-020230
- Vuln IDs
- V-217208
- Rule IDs
- SV-217208r1015225_rule
Fix: F-18434r369781_fix
Configure the SUSE operating system to generate an audit record when all modifications to the "/etc/security/opasswd" file occur. Add or update the following rule to "/etc/audit/rules.d/audit.rules": -w /etc/security/opasswd -p wa -k account_mod The audit daemon must be restarted for any changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-7
- Severity
- L
- CCI
- CCI-001877
- Version
- SLES-12-020240
- Vuln IDs
- V-217209
- Rule IDs
- SV-217209r1015226_rule
Fix: F-18435r369784_fix
Configure the operating system to audit the execution of privileged functions. Add or update the following rules in "/etc/audit/rules.d/audit.rules":

    -a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k setuid
    -a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k setuid
    -a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k setgid
    -a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k setgid

The audit daemon must be restarted for the changes to take effect.

    # sudo systemctl restart auditd.service
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SLES-12-020250
- Vuln IDs
- V-217210
- Rule IDs
- SV-217210r958412_rule
Fix: F-18436r622359_fix
Configure the SUSE operating system to generate an audit record for all uses of the "su" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-12
- Severity
- L
- CCI
- CCI-000169
- Version
- SLES-12-020260
- Vuln IDs
- V-217211
- Rule IDs
- SV-217211r958412_rule
Fix: F-18437r622362_fix
Configure the SUSE operating system to generate an audit record for all uses of the "sudo" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-sudo The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-12
- Severity
- L
- CCI
- CCI-000172
- Version
- SLES-12-020280
- Vuln IDs
- V-217212
- Rule IDs
- SV-217212r958412_rule
Fix: F-18438r622365_fix
Configure the SUSE operating system to generate an audit record for all uses of the "chfn" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/bin/chfn -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-chfn The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-12
- Severity
- L
- CCI
- CCI-000169
- Version
- SLES-12-020290
- Vuln IDs
- V-217213
- Rule IDs
- SV-217213r958412_rule
Fix: F-18439r369796_fix
Configure the SUSE operating system to generate an audit record for all uses of the "mount" command. Add or update the following rules to "/etc/audit/rules.d/audit.rules":

    -a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=4294967295 -k privileged-mount
    -a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=4294967295 -k privileged-mount
    -a always,exit -F path=/usr/bin/mount -F auid>=1000 -F auid!=4294967295 -k privileged-mount

The audit daemon must be restarted for any changes to take effect.

    # sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- L
- CCI
- CCI-000130
- Version
- SLES-12-020300
- Vuln IDs
- V-217214
- Rule IDs
- SV-217214r958412_rule
Fix: F-18440r369799_fix
Configure the SUSE operating system to generate an audit record for all uses of the "umount" command. Add or update the following rules to "/etc/audit/rules.d/audit.rules":

    -a always,exit -F arch=b32 -S umount -F auid>=1000 -F auid!=4294967295 -k privileged-umount
    -a always,exit -F arch=b32 -S umount2 -F auid>=1000 -F auid!=4294967295 -k privileged-umount
    -a always,exit -F arch=b64 -S umount2 -F auid>=1000 -F auid!=4294967295 -k privileged-umount

The audit daemon must be restarted for any changes to take effect.

    # sudo systemctl restart auditd.service
- RMF Control
- AU-12
- Severity
- L
- CCI
- CCI-000169
- Version
- SLES-12-020310
- Vuln IDs
- V-217215
- Rule IDs
- SV-217215r958412_rule
Fix: F-18441r622368_fix
Configure the SUSE operating system to generate an audit record for all uses of the "ssh-agent" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh-agent The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- L
- CCI
- CCI-000130
- Version
- SLES-12-020320
- Vuln IDs
- V-217216
- Rule IDs
- SV-217216r958412_rule
Fix: F-18442r622371_fix
Configure the SUSE operating system to generate an audit record for all uses of the "ssh-keysign" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/lib/ssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh-keysign The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000169
- Version
- SLES-12-020360
- Vuln IDs
- V-217217
- Rule IDs
- SV-217217r958412_rule
Fix: F-18443r369808_fix
Configure the SUSE operating system to audit the execution of the module management program "kmod" by adding the following line to "/etc/audit/rules.d/audit.rules": -w /usr/bin/kmod -p x -k modules The audit daemon must be restarted for any changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000130
- Version
- SLES-12-020370
- Vuln IDs
- V-217218
- Rule IDs
- SV-217218r958412_rule
Fix: F-18444r809427_fix
Configure the SUSE operating system to generate an audit record for all uses of the "setxattr", "fsetxattr", "lsetxattr", "removexattr", "fremovexattr", and "lremovexattr" syscalls. Add or update the following rules to "/etc/audit/rules.d/audit.rules":

    -a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod
    -a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod

The audit daemon must be restarted for the changes to take effect.

    > sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000130
- Version
- SLES-12-020420
- Vuln IDs
- V-217223
- Rule IDs
- SV-217223r958412_rule
Fix: F-18449r854123_fix
Add or update the following rules to "/etc/audit/rules.d/audit.rules":

    -a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=4294967295 -k perm_mod
    -a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=4294967295 -k perm_mod

The audit daemon must be restarted for the changes to take effect.

    > sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000130
- Version
- SLES-12-020460
- Vuln IDs
- V-217227
- Rule IDs
- SV-217227r958412_rule
Fix: F-18453r809433_fix
Configure the SUSE operating system to generate an audit record for all uses of the "chmod", "fchmod", and "fchmodat" system calls. Add or update the following rules to "/etc/audit/rules.d/audit.rules":

    -a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=4294967295 -k perm_mod
    -a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=4294967295 -k perm_mod

The audit daemon must be restarted for the changes to take effect.

    > sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000130
- Version
- SLES-12-020490
- Vuln IDs
- V-217230
- Rule IDs
- SV-217230r958412_rule
Fix: F-18456r861098_fix
Configure the SUSE operating system to generate an audit record for all uses of the "creat", "open", "openat", "open_by_handle_at", "truncate", and "ftruncate" syscalls. Add or update the following rules to "/etc/audit/rules.d/audit.rules":

    -a always,exit -F arch=b32 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -k perm_access
    -a always,exit -F arch=b64 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -k perm_access
    -a always,exit -F arch=b32 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k perm_access
    -a always,exit -F arch=b64 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k perm_access

The audit daemon must be restarted for the changes to take effect.

    > sudo systemctl restart auditd.service
- RMF Control
- AU-12
- Severity
- L
- CCI
- CCI-000172
- Version
- SLES-12-020550
- Vuln IDs
- V-217236
- Rule IDs
- SV-217236r958412_rule
Fix: F-18462r622374_fix
Configure the SUSE operating system to generate an audit record for all uses of the "passwd" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- L
- CCI
- CCI-000130
- Version
- SLES-12-020560
- Vuln IDs
- V-217237
- Rule IDs
- SV-217237r958412_rule
Fix: F-18463r622377_fix
Configure the SUSE operating system to generate an audit record for all uses of the "gpasswd" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-gpasswd The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-12
- Severity
- L
- CCI
- CCI-000169
- Version
- SLES-12-020570
- Vuln IDs
- V-217238
- Rule IDs
- SV-217238r958412_rule
Fix: F-18464r622380_fix
Configure the SUSE operating system to generate an audit record for all uses of the "newgrp" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-newgrp The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- L
- CCI
- CCI-000130
- Version
- SLES-12-020580
- Vuln IDs
- V-217239
- Rule IDs
- SV-217239r958412_rule
Fix: F-18465r622383_fix
Configure the SUSE operating system to generate an audit record for all uses of the "chsh" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-chsh The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SLES-12-020590
- Vuln IDs
- V-217240
- Rule IDs
- SV-217240r958368_rule
Fix: F-18466r369877_fix
Configure the SUSE operating system to generate an audit record when all modifications to the "/etc/gshadow" file occur. Add or update the following rule to "/etc/audit/rules.d/audit.rules": -w /etc/gshadow -p wa -k account_mod The audit daemon must be restarted for any changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000130
- Version
- SLES-12-020600
- Vuln IDs
- V-217241
- Rule IDs
- SV-217241r958412_rule
Fix: F-18467r622386_fix
Configure the SUSE operating system to generate an audit record for all uses of the "chmod" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/bin/chmod -F perm=x -F auid>=1000 -F auid!=4294967295 -k prim_mod The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000169
- Version
- SLES-12-020610
- Vuln IDs
- V-217242
- Rule IDs
- SV-217242r958412_rule
Fix: F-18468r622389_fix
Configure the SUSE operating system to generate an audit record for all uses of the "setfacl" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=4294967295 -k prim_mod The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000130
- Version
- SLES-12-020620
- Vuln IDs
- V-217243
- Rule IDs
- SV-217243r958412_rule
Fix: F-18469r622392_fix
Configure the SUSE operating system to generate an audit record for all uses of the "chacl" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=4294967295 -k prim_mod The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SLES-12-020630
- Vuln IDs
- V-217244
- Rule IDs
- SV-217244r958412_rule
Fix: F-18470r622395_fix
Configure the SUSE operating system to generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=4294967295 -k prim_mod The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000130
- Version
- SLES-12-020640
- Vuln IDs
- V-217245
- Rule IDs
- SV-217245r958412_rule
Fix: F-18471r622398_fix
Configure the SUSE operating system to generate an audit record for all uses of the "rm" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/bin/rm -F perm=x -F auid>=1000 -F auid!=4294967295 -k prim_mod The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SLES-12-020650
- Vuln IDs
- V-217246
- Rule IDs
- SV-217246r958412_rule
Fix: F-18472r369895_fix
Configure the SUSE operating system to generate an audit record when any modifications to the "tallylog" file occur. Add or update the following rule to "/etc/audit/rules.d/audit.rules": -w /var/log/tallylog -p wa -k logins The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000130
- Version
- SLES-12-020660
- Vuln IDs
- V-217247
- Rule IDs
- SV-217247r958412_rule
Fix: F-18473r369898_fix
Configure the SUSE operating system to generate an audit record when any modifications to the "lastlog" file occur. Add or update the following rule to "/etc/audit/rules.d/audit.rules": -w /var/log/lastlog -p wa -k logins The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SLES-12-020670
- Vuln IDs
- V-217248
- Rule IDs
- SV-217248r958412_rule
Fix: F-18474r622401_fix
Configure the SUSE operating system to generate an audit record for all uses of the "passmass" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/bin/passmass -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passmass The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000130
- Version
- SLES-12-020680
- Vuln IDs
- V-217249
- Rule IDs
- SV-217249r958412_rule
Fix: F-18475r622404_fix
Configure the SUSE operating system to generate an audit record for all uses of the "unix_chkpwd" and "unix2_chkpwd" commands. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file:

    -a always,exit -F path=/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-unix-chkpwd
    -a always,exit -F path=/sbin/unix2_chkpwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-unix2-chkpwd

The audit daemon must be restarted for the changes to take effect.

    # sudo systemctl restart auditd.service
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SLES-12-020690
- Vuln IDs
- V-217250
- Rule IDs
- SV-217250r958412_rule
Fix: F-18476r622407_fix
Configure the SUSE operating system to generate an audit record for all uses of the "chage" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-chage The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000130
- Version
- SLES-12-020700
- Vuln IDs
- V-217251
- Rule IDs
- SV-217251r958412_rule
Fix: F-18477r622410_fix
Configure the SUSE operating system to generate an audit record for all uses of the "usermod" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-usermod The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000172
- Version
- SLES-12-020710
- Vuln IDs
- V-217252
- Rule IDs
- SV-217252r958412_rule
Fix: F-18478r622413_fix
Configure the SUSE operating system to generate an audit record for all uses of the "crontab" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-crontab The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000130
- Version
- SLES-12-020720
- Vuln IDs
- V-217253
- Rule IDs
- SV-217253r958412_rule
Fix: F-18479r622416_fix
Configure the SUSE operating system to generate an audit record for all uses of the "pam_timestamp_check" command. Add or update the following rules in the "/etc/audit/rules.d/audit.rules" file: -a always,exit -F path=/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-pam_timestamp_check The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- AU-12
- Severity
- M
- CCI
- CCI-000169
- Version
- SLES-12-020730
- Vuln IDs
- V-217254
- Rule IDs
- SV-217254r958412_rule
Fix: F-18480r369919_fix
Configure the SUSE operating system to generate an audit record for all uses of the "delete_module" command. Add or update the following rules to "/etc/audit/rules.d/audit.rules":

    -a always,exit -F arch=b32 -S delete_module -F auid>=1000 -F auid!=4294967295 -k unload_module
    -a always,exit -F arch=b64 -S delete_module -F auid>=1000 -F auid!=4294967295 -k unload_module

The audit daemon must be restarted for the changes to take effect.

    # sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000130
- Version
- SLES-12-020740
- Vuln IDs
- V-217255
- Rule IDs
- SV-217255r958412_rule
Fix: F-18481r809439_fix
Configure the SUSE operating system to generate an audit record for all uses of the "init_module" and "finit_module" syscalls. Add or update the following rules to "/etc/audit/rules.d/audit.rules":

    -a always,exit -F arch=b32 -S init_module,finit_module -F auid>=1000 -F auid!=4294967295 -k moduleload
    -a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=4294967295 -k moduleload

The audit daemon must be restarted for the changes to take effect.

    > sudo systemctl restart auditd.service
- RMF Control
- AU-3
- Severity
- M
- CCI
- CCI-000130
- Version
- SLES-12-020760
- Vuln IDs
- V-217257
- Rule IDs
- SV-217257r958412_rule
Fix: F-18483r369928_fix
Configure the SUSE operating system to generate an audit record when any modifications to the "faillog" file occur. Add or update the following rule to "/etc/audit/rules.d/audit.rules": -w /var/log/faillog -p wa -k logins The audit daemon must be restarted for the changes to take effect. # sudo systemctl restart auditd.service
- RMF Control
- IA-5
- Severity
- M
- CCI
- CCI-000197
- Version
- SLES-12-030000
- Vuln IDs
- V-217258
- Rule IDs
- SV-217258r987796_rule
Fix: F-18484r369931_fix
Remove the telnet-server package from the SUSE operating system by running the following command: # sudo zypper remove telnet-server
- RMF Control
- SC-8
- Severity
- H
- CCI
- CCI-002418
- Version
- SLES-12-030100
- Vuln IDs
- V-217264
- Rule IDs
- SV-217264r958908_rule
Fix: F-18490r369949_fix
Note: If the system is not networked this requirement is Not Applicable. Configure the SUSE operating system to implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission. Install the OpenSSH package on the SUSE operating system with the following command: # sudo zypper in openssh Enable the OpenSSH service to start automatically on reboot with the following command: # sudo systemctl enable sshd.service For the changes to take effect immediately, start the service with the following command: # sudo systemctl restart sshd.service
- RMF Control
- AC-17
- Severity
- M
- CCI
- CCI-000067
- Version
- SLES-12-030110
- Vuln IDs
- V-217265
- Rule IDs
- SV-217265r958406_rule
Fix: F-18491r369952_fix
Configure SSH to verbosely log connection attempts and failed logon attempts to the SUSE operating system. Add or update the following line in the "/etc/ssh/sshd_config" file: LogLevel VERBOSE The SSH service will need to be restarted in order for the changes to take effect: # systemctl restart sshd
- RMF Control
- AC-9
- Severity
- M
- CCI
- CCI-000052
- Version
- SLES-12-030130
- Vuln IDs
- V-217266
- Rule IDs
- SV-217266r991589_rule
Fix: F-18492r369955_fix
Configure the SUSE operating system to provide users with feedback on when account accesses last occurred. Add or edit the following lines in the "/etc/ssh/sshd_config" file: PrintLastLog yes
- RMF Control
- IA-2
- Severity
- M
- CCI
- CCI-000770
- Version
- SLES-12-030140
- Vuln IDs
- V-217267
- Rule IDs
- SV-217267r1015227_rule
Fix: F-18493r369958_fix
Configure the SUSE operating system to deny direct logons to the root account using remote access via SSH. Edit the appropriate "/etc/ssh/sshd_config" file, add or uncomment the line for "PermitRootLogin" and set its value to "no" (this file may be named differently or be in a different location): PermitRootLogin no
- RMF Control
- IA-7
- Severity
- M
- CCI
- CCI-000803
- Version
- SLES-12-030170
- Vuln IDs
- V-217270
- Rule IDs
- SV-217270r958408_rule
Fix: F-18496r622419_fix
Edit the SSH daemon configuration (/etc/ssh/sshd_config) and remove any ciphers not starting with "aes" and remove any ciphers ending with "cbc". If necessary, add a "Ciphers" line: Ciphers aes256-ctr,aes192-ctr,aes128-ctr Restart the SSH daemon: # sudo systemctl restart sshd.service
- RMF Control
- MA-4
- Severity
- M
- CCI
- CCI-000877
- Version
- SLES-12-030180
- Vuln IDs
- V-217271
- Rule IDs
- SV-217271r958510_rule
Fix: F-18497r622422_fix
Configure the SUSE operating system SSH daemon to only use MACs that employ FIPS 140-2 approved hashes. Edit the "/etc/ssh/sshd_config" file to uncomment or add the line for the "MACs" keyword and set its value to "hmac-sha2-512" and/or "hmac-sha2-256" (The file might be named differently or be in a different location): MACs hmac-sha2-512,hmac-sha2-256
- RMF Control
- SC-10
- Severity
- M
- CCI
- CCI-001133
- Version
- SLES-12-030190
- Vuln IDs
- V-217272
- Rule IDs
- SV-217272r1015228_rule
Fix: F-18498r369973_fix
Configure the SUSE operating system SSH daemon to timeout idle sessions. Add or modify (to match exactly) the following line in the "/etc/ssh/sshd_config" file: ClientAliveInterval 600 The SSH daemon must be restarted in order for any changes to take effect.
- RMF Control
- SC-10
- Severity
- M
- CCI
- CCI-001133
- Version
- SLES-12-030191
- Vuln IDs
- V-217273
- Rule IDs
- SV-217273r1015229_rule
Fix: F-18499r369976_fix
Configure the SUSE operating system to automatically terminate all network connections associated with SSH traffic at the end of a session or after a "10" minute period of inactivity. Modify or append the following lines in the "/etc/ssh/sshd_config" file: ClientAliveCountMax 1 In order for the changes to take effect, the SSH daemon must be restarted. # sudo systemctl restart sshd.service
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030200
- Vuln IDs
- V-217274
- Rule IDs
- SV-217274r991589_rule
Fix: F-18500r369979_fix
Configure the SUSE operating system SSH daemon to not allow authentication using known hosts authentication. Add the following line in "/etc/ssh/sshd_config", or uncomment the line and set the value to "yes": IgnoreUserKnownHosts yes
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030210
- Vuln IDs
- V-217275
- Rule IDs
- SV-217275r991589_rule
Fix: F-18501r646749_fix
Configure the SUSE operating system SSH daemon public host key files to have mode "0644" or less permissive. Note: SSH public key files may be found in other directories on the system depending on the installation. Change the mode of public host key files under "/etc/ssh" to "0644" with the following command: > sudo chmod 0644 /etc/ssh/ssh_host*key.pub
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030220
- Vuln IDs
- V-217276
- Rule IDs
- SV-217276r991589_rule
Fix: F-18502r880918_fix
Configure the mode of the SUSE operating system SSH daemon private host key files under "/etc/ssh" to "0640" with the following command: > sudo chmod 0640 /etc/ssh/ssh_host*key
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030230
- Vuln IDs
- V-217277
- Rule IDs
- SV-217277r991589_rule
Fix: F-18503r369988_fix
Configure the SUSE operating system SSH daemon to perform strict mode checking of home directory configuration files. Uncomment the "StrictModes" keyword in "/etc/ssh/sshd_config" and set the value to "yes": StrictModes yes
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030240
- Vuln IDs
- V-217278
- Rule IDs
- SV-217278r991589_rule
Fix: F-18504r369991_fix
Configure the SUSE operating system SSH daemon to use privilege separation. Uncomment the "UsePrivilegeSeparation" keyword in "/etc/ssh/sshd_config" and set the value to "yes" or "sandbox": UsePrivilegeSeparation yes
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030260
- Vuln IDs
- V-217280
- Rule IDs
- SV-217280r991589_rule
Fix: F-18506r622427_fix
Configure the SUSE operating system SSH daemon to disable forwarded X connections for interactive users. Edit the "/etc/ssh/sshd_config" file to uncomment or add the line for the "X11Forwarding" keyword and set its value to "no" (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor): X11Forwarding no
- RMF Control
- SI-16
- Severity
- M
- CCI
- CCI-002824
- Version
- SLES-12-030320
- Vuln IDs
- V-217283
- Rule IDs
- SV-217283r958928_rule
Fix: F-18509r646760_fix
Configure the SUSE operating system to prevent leaking of internal kernel addresses by running the following command: > sudo sysctl -w kernel.kptr_restrict=1 If "1" is not the system's default value, add or update the following line in "/etc/sysctl.d/99-stig.conf": > sudo sh -c 'echo "kernel.kptr_restrict=1" >> /etc/sysctl.d/99-stig.conf' > sudo sysctl --system
- RMF Control
- SI-16
- Severity
- M
- CCI
- CCI-002824
- Version
- SLES-12-030330
- Vuln IDs
- V-217284
- Rule IDs
- SV-217284r958928_rule
Fix: F-18510r646763_fix
Configure the SUSE operating system to implement ASLR by running the following commands: > sudo sysctl -w kernel.randomize_va_space=2 If "2" is not the system's default value, add or update the following line in "/etc/sysctl.d/99-stig.conf": > sudo sh -c 'echo "kernel.randomize_va_space=2" >> /etc/sysctl.d/99-stig.conf' > sudo sysctl --system
- RMF Control
- SC-5
- Severity
- M
- CCI
- CCI-001095
- Version
- SLES-12-030350
- Vuln IDs
- V-217286
- Rule IDs
- SV-217286r958528_rule
Fix: F-18512r370015_fix
Configure the SUSE operating system to use TCP syncookies by running the following command as an administrator: # sudo sysctl -w net.ipv4.tcp_syncookies=1 If "1" is not the system's default value, add or update the following line in "/etc/sysctl.conf": net.ipv4.tcp_syncookies = 1
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030360
- Vuln IDs
- V-217287
- Rule IDs
- SV-217287r991589_rule
Fix: F-18513r370018_fix
Configure the SUSE operating system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value): net.ipv4.conf.all.accept_source_route = 0 Run the following command to apply this value: # sysctl --system
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030361
- Vuln IDs
- V-217288
- Rule IDs
- SV-217288r991589_rule
Fix: F-18514r370021_fix
Configure the SUSE operating system to not accept IPv6 source-routed packets by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value): net.ipv6.conf.all.accept_source_route = 0 Run the following command to apply this value: # sysctl --system
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030370
- Vuln IDs
- V-217289
- Rule IDs
- SV-217289r991589_rule
Fix: F-18515r370024_fix
Configure the SUSE operating system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value): net.ipv4.conf.default.accept_source_route = 0 Run the following command to apply this value: # sysctl --system
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030380
- Vuln IDs
- V-217290
- Rule IDs
- SV-217290r991589_rule
Fix: F-18516r370027_fix
Configure the SUSE operating system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value): net.ipv4.icmp_echo_ignore_broadcasts = 1 Run the following command to apply this value: # sysctl --system
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030390
- Vuln IDs
- V-217291
- Rule IDs
- SV-217291r991589_rule
Fix: F-18517r370030_fix
Configure the SUSE operating system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value): net.ipv4.conf.all.accept_redirects = 0 Run the following command to apply this value: # sysctl --system
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030400
- Vuln IDs
- V-217292
- Rule IDs
- SV-217292r991589_rule
Fix: F-18518r370033_fix
Configure the SUSE operating system to ignore IPv4 ICMP redirect messages by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value): net.ipv4.conf.default.accept_redirects = 0 Run the following command to apply this value: # sysctl --system
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030401
- Vuln IDs
- V-217293
- Rule IDs
- SV-217293r991589_rule
Fix: F-18519r370036_fix
Configure the SUSE operating system to not allow IPv6 ICMP redirect messages by default. Set the system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value): net.ipv6.conf.default.accept_redirects=0 Run the following command to apply this value: # sysctl --system
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030410
- Vuln IDs
- V-217294
- Rule IDs
- SV-217294r991589_rule
Fix: F-18520r370039_fix
Configure the SUSE operating system to not allow interfaces to perform IPv4 ICMP redirects by default. Set the system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value): net.ipv4.conf.default.send_redirects=0 Run the following command to apply this value: # sysctl --system
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030420
- Vuln IDs
- V-217295
- Rule IDs
- SV-217295r991589_rule
Fix: F-18521r370042_fix
Configure the SUSE operating system to not allow interfaces to perform IPv4 ICMP redirects. Set the system to the required kernel parameter by adding the following line to "/etc/sysctl.conf" (or modify the line to have the required value): net.ipv4.conf.all.send_redirects=0 Run the following command to apply this value: # sysctl --system
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030430
- Vuln IDs
- V-217296
- Rule IDs
- SV-217296r991589_rule
Fix: F-18522r646766_fix
Configure the SUSE operating system to not perform IPv4 packet forwarding by running the following command as an administrator: > sudo sysctl -w net.ipv4.ip_forward=0 If "0" is not the system's default value, add or update the following line in "/etc/sysctl.d/99-stig.conf": > sudo sh -c 'echo "net.ipv4.ip_forward=0" >> /etc/sysctl.d/99-stig.conf' > sudo sysctl --system
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-010111
- Vuln IDs
- V-237603
- Rule IDs
- SV-237603r991589_rule
Fix: F-40785r646771_fix
Remove the following entries from the sudoers file:
ALL ALL=(ALL) ALL
ALL ALL=(ALL:ALL) ALL
- RMF Control
- AC-6
- Severity
- M
- CCI
- CCI-002227
- Version
- SLES-12-010112
- Vuln IDs
- V-237604
- Rule IDs
- SV-237604r991589_rule
Fix: F-40786r646774_fix
Define the following in the Defaults section of the /etc/sudoers file or a configuration file in the /etc/sudoers.d/ directory:
Defaults !targetpw
Defaults !rootpw
Defaults !runaspw
- RMF Control
- IA-11
- Severity
- M
- CCI
- CCI-002038
- Version
- SLES-12-010113
- Vuln IDs
- V-237605
- Rule IDs
- SV-237605r1015235_rule
Fix: F-40787r861103_fix
Configure the "sudo" command to require re-authentication. Edit the /etc/sudoers file: > sudo visudo Add or modify the following line: Defaults timestamp_timeout=[value] Note: The "[value]" must be a number that is greater than or equal to "0".
- RMF Control
- CM-5
- Severity
- M
- CCI
- CCI-001499
- Version
- SLES-12-010871
- Vuln IDs
- V-237607
- Rule IDs
- SV-237607r991560_rule
Fix: F-40789r646783_fix
Configure the library files to be protected from unauthorized access. Run the following command: > sudo find /lib /lib64 /usr/lib /usr/lib64 -perm /022 -type f -exec chmod 755 '{}' \;
- RMF Control
- CM-5
- Severity
- M
- CCI
- CCI-001499
- Version
- SLES-12-010872
- Vuln IDs
- V-237608
- Rule IDs
- SV-237608r991560_rule
Fix: F-40790r646786_fix
Configure the shared library directories to be protected from unauthorized access. Run the following command: > sudo find /lib /lib64 /usr/lib /usr/lib64 -perm /022 -type d -exec chmod 755 '{}' \;
- RMF Control
- CM-5
- Severity
- M
- CCI
- CCI-001499
- Version
- SLES-12-010873
- Vuln IDs
- V-237609
- Rule IDs
- SV-237609r991560_rule
Fix: F-40791r646789_fix
Configure the system library files to be protected from unauthorized access. Run the following command: > sudo find /lib /lib64 /usr/lib /usr/lib64 ! -user root -type f -exec chown root '{}' \;
- RMF Control
- CM-5
- Severity
- M
- CCI
- CCI-001499
- Version
- SLES-12-010874
- Vuln IDs
- V-237610
- Rule IDs
- SV-237610r991560_rule
Fix: F-40792r646792_fix
Configure the library files and their respective parent directories to be protected from unauthorized access. Run the following command: > sudo find /lib /lib64 /usr/lib /usr/lib64 ! -user root -type d -exec chown root '{}' \;
- RMF Control
- CM-5
- Severity
- M
- CCI
- CCI-001499
- Version
- SLES-12-010875
- Vuln IDs
- V-237611
- Rule IDs
- SV-237611r991560_rule
Fix: F-40793r646795_fix
Configure the system library files to be protected from unauthorized access. Run the following command: > sudo find /lib /lib64 /usr/lib /usr/lib64 ! -group root -type f -exec chgrp root '{}' \;
- RMF Control
- CM-5
- Severity
- M
- CCI
- CCI-001499
- Version
- SLES-12-010876
- Vuln IDs
- V-237612
- Rule IDs
- SV-237612r991560_rule
Fix: F-40794r646798_fix
Configure the system library directories to be protected from unauthorized access. Run the following command: > sudo find /lib /lib64 /usr/lib /usr/lib64 ! -group root -type d -exec chgrp root '{}' \;
- RMF Control
- CM-5
- Severity
- M
- CCI
- CCI-001499
- Version
- SLES-12-010877
- Vuln IDs
- V-237613
- Rule IDs
- SV-237613r991560_rule
Fix: F-40795r646801_fix
Configure the system commands to be protected from unauthorized access. Run the following command: > sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin -perm /022 -type f -exec chmod 755 '{}' \;
- RMF Control
- CM-5
- Severity
- M
- CCI
- CCI-001499
- Version
- SLES-12-010878
- Vuln IDs
- V-237614
- Rule IDs
- SV-237614r991560_rule
Fix: F-40796r646804_fix
Configure the system commands directories to be protected from unauthorized access. Run the following command: > sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin -perm /022 -type d -exec chmod -R 755 '{}' \;
- RMF Control
- CM-5
- Severity
- M
- CCI
- CCI-001499
- Version
- SLES-12-010879
- Vuln IDs
- V-237615
- Rule IDs
- SV-237615r991560_rule
Fix: F-40797r646807_fix
Configure the system commands - and their respective parent directories - to be protected from unauthorized access. Run the following command: > sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin ! -user root -type f -exec chown root '{}' \;
- RMF Control
- CM-5
- Severity
- M
- CCI
- CCI-001499
- Version
- SLES-12-010881
- Vuln IDs
- V-237616
- Rule IDs
- SV-237616r991560_rule
Fix: F-40798r646810_fix
Configure the system commands directories to be protected from unauthorized access. Run the following command: > sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin ! -user root -type d -exec chown root '{}' \;
- RMF Control
- CM-5
- Severity
- M
- CCI
- CCI-001499
- Version
- SLES-12-010882
- Vuln IDs
- V-237617
- Rule IDs
- SV-237617r991560_rule
Fix: F-40799r832996_fix
Configure the system commands to be protected from unauthorized access. Run the following command, replacing "[FILE]" with any system command file not group-owned by "root" or a required system account. > sudo chgrp root [FILE]
- RMF Control
- CM-5
- Severity
- M
- CCI
- CCI-001499
- Version
- SLES-12-010883
- Vuln IDs
- V-237618
- Rule IDs
- SV-237618r991560_rule
Fix: F-40800r646816_fix
Configure the system commands directories to be protected from unauthorized access. Run the following command: > sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin ! -group root -type d -exec chgrp root '{}' \;
- RMF Control
- IA-5
- Severity
- M
- CCI
- CCI-000197
- Version
- SLES-12-030011
- Vuln IDs
- V-237619
- Rule IDs
- SV-237619r987796_rule
Fix: F-40801r646819_fix
Document the "vsftpd" package with the ISSO as an operational requirement or remove it from the system with the following command: > sudo zypper remove vsftpd
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030362
- Vuln IDs
- V-237620
- Rule IDs
- SV-237620r991589_rule
Fix: F-40802r646822_fix
Configure the SUSE operating system to disable IPv6 default source routing by running the following command as an administrator: > sudo sysctl -w net.ipv6.conf.default.accept_source_route=0 If "0" is not the system's default value, add or update the following line in "/etc/sysctl.d/99-stig.conf": > sudo sh -c 'echo "net.ipv6.conf.default.accept_source_route=0" >> /etc/sysctl.d/99-stig.conf' > sudo sysctl --system
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030363
- Vuln IDs
- V-237621
- Rule IDs
- SV-237621r991589_rule
Fix: F-40803r646825_fix
Configure the SUSE operating system to not accept IPv6 ICMP redirect messages by running the following command as an administrator: > sudo sysctl -w net.ipv6.conf.all.accept_redirects=0 If "0" is not the system's default value, add or update the following line in "/etc/sysctl.d/99-stig.conf": > sudo sh -c 'echo "net.ipv6.conf.all.accept_redirects=0" >> /etc/sysctl.d/99-stig.conf' > sudo sysctl --system
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030364
- Vuln IDs
- V-237622
- Rule IDs
- SV-237622r991589_rule
Fix: F-40804r646828_fix
Configure the SUSE operating system to not perform IPv6 packet forwarding by running the following command as an administrator: > sudo sysctl -w net.ipv6.conf.all.forwarding=0 If "0" is not the system's default value, add or update the following line in "/etc/sysctl.d/99-stig.conf": > sudo sh -c 'echo "net.ipv6.conf.all.forwarding=0" >> /etc/sysctl.d/99-stig.conf' > sudo sysctl --system
- RMF Control
- CM-6
- Severity
- M
- CCI
- CCI-000366
- Version
- SLES-12-030365
- Vuln IDs
- V-237623
- Rule IDs
- SV-237623r991589_rule
Fix: F-40805r646831_fix
Configure the SUSE operating system to not perform IPv6 packet forwarding by default by running the following command as an administrator: > sudo sysctl -w net.ipv6.conf.default.forwarding=0 If "0" is not the system's default value, add or update the following line in "/etc/sysctl.d/99-stig.conf": > sudo sh -c 'echo "net.ipv6.conf.default.forwarding=0" >> /etc/sysctl.d/99-stig.conf' > sudo sysctl --system