SUSE Linux Enterprise 15 STIG V1R4

STIG ID CCI Title
SLES-15-010000 CCI-001230 The SUSE operating system must be a vendor-supported release.
SLES-15-010001 CCI-001233 The SUSE operating system must implement the Endpoint Security for Linux Threat Prevention tool.
SLES-15-010010 CCI-001227 Vendor-packaged SUSE operating system security patches and updates must be installed and up to date.
SLES-15-010020 CCI-000048 The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access via local console.
SLES-15-010030 CCI-000197 The SUSE operating system must not have the vsftpd package installed if not required for operational support.
SLES-15-010040 CCI-000048 The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access via SSH.
SLES-15-010050 CCI-000048 The SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface (GUI).
SLES-15-010060 CCI-000050 The SUSE operating system file /etc/gdm/banner must contain the Standard Mandatory DoD Notice and Consent banner text.
SLES-15-010080 CCI-001384 The SUSE operating system must display a banner before granting local or remote access to the system via a graphical user logon.
SLES-15-010090 CCI-001384 The SUSE operating system must display the approved Standard Mandatory DoD Notice before granting local or remote access to the system via a graphical user logon.
SLES-15-010100 CCI-000056 The SUSE operating system must be able to lock the graphical user interface (GUI).
SLES-15-010110 CCI-000056 The SUSE operating system must utilize vlock to allow for session locking.
SLES-15-010120 CCI-000057 The SUSE operating system must initiate a session lock after a 15-minute period of inactivity for the graphical user interface (GUI).
SLES-15-010130 CCI-000057 The SUSE operating system must initiate a session lock after a 15-minute period of inactivity.
SLES-15-010140 CCI-000060 The SUSE operating system must conceal, via the session lock, information previously visible on the display with a publicly viewable image in the graphical user interface (GUI).
SLES-15-010150 CCI-000067 The SUSE operating system must log SSH connection attempts and failures to the server.
SLES-15-010160 CCI-000068 The SUSE operating system must implement DoD-approved encryption to protect the confidentiality of SSH remote connections.
SLES-15-010170 CCI-000185 The SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
SLES-15-010180 CCI-000197 The SUSE operating system must not have the telnet-server package installed.
SLES-15-010190 CCI-000213 SUSE operating systems with a basic input/output system (BIOS) must require authentication upon booting into single-user and maintenance modes.
SLES-15-010200 CCI-000213 SUSE operating systems with Unified Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance.
SLES-15-010220 CCI-000382 The SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.
SLES-15-010230 CCI-000764 The SUSE operating system must not have duplicate User IDs (UIDs) for interactive users.
SLES-15-010240 CCI-000778 The SUSE operating system must disable the file system automounter unless required.
SLES-15-010250 CCI-000803 The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (system-auth).
SLES-15-010260 CCI-000803 The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs).
SLES-15-010270 CCI-000877 The SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.
SLES-15-010280 CCI-000879 The SUSE operating system SSH daemon must be configured with a timeout interval.
SLES-15-010300 CCI-001090 The sticky bit must be set on all SUSE operating system world-writable directories.
SLES-15-010310 CCI-001095 The SUSE operating system must be configured to use TCP syncookies.
SLES-15-010320 CCI-000879 The SUSE operating system for all network connections associated with SSH traffic must immediately terminate at the end of the session or after 10 minutes of inactivity.
SLES-15-010330 CCI-001199 All SUSE operating system persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.
SLES-15-010340 CCI-001312 The SUSE operating system must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
SLES-15-010350 CCI-001314 The SUSE operating system must prevent unauthorized users from accessing system error messages.
SLES-15-010351 CCI-001499 The SUSE operating system library files must have mode 0755 or less permissive.
SLES-15-010352 CCI-001499 The SUSE operating system library directories must have mode 0755 or less permissive.
SLES-15-010353 CCI-001499 The SUSE operating system library files must be owned by root.
SLES-15-010354 CCI-001499 The SUSE operating system library directories must be owned by root.
SLES-15-010355 CCI-001499 The SUSE operating system library files must be group-owned by root.
SLES-15-010356 CCI-001499 The SUSE operating system library directories must be group-owned by root.
SLES-15-010357 CCI-001499 The SUSE operating system must have system commands set to a mode of 0755 or less permissive.
SLES-15-010358 CCI-001499 The SUSE operating system must have directories that contain system commands set to a mode of 0755 or less permissive.
SLES-15-010359 CCI-001499 The SUSE operating system must have system commands owned by root.
SLES-15-010360 CCI-001499 The SUSE operating system must have directories that contain system commands owned by root.
SLES-15-010361 CCI-001499 The SUSE operating system must have system commands group-owned by root.
SLES-15-010362 CCI-001499 The SUSE operating system must have directories that contain system commands group-owned by root.
SLES-15-010370 CCI-002322 The SUSE operating system must have a firewall system installed to immediately disconnect or disable remote access to the whole operating system.
SLES-15-010380 CCI-001443 The SUSE operating system wireless network adapters must be disabled unless approved and documented.
SLES-15-010390 CCI-001764 SUSE operating system AppArmor tool must be configured to control whitelisted applications and user home directory access control.
SLES-15-010400 CCI-001891 The SUSE operating system clock must, for networked systems, be synchronized to an authoritative DoD time source at least every 24 hours.
SLES-15-010410 CCI-001890 The SUSE operating system must be configured to use Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
SLES-15-010420 CCI-001744 Advanced Intrusion Detection Environment (AIDE) must verify the baseline SUSE operating system configuration at least weekly.
SLES-15-010430 CCI-001749 The SUSE operating system tool zypper must have gpgcheck enabled.
SLES-15-010450 CCI-002038 The SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges.
SLES-15-010460 CCI-001948 The SUSE operating system must have the packages required for multifactor authentication to be installed.
SLES-15-010470 CCI-001948 The SUSE operating system must implement certificate status checking for multifactor authentication.
SLES-15-010480 CCI-001958 The SUSE operating system must disable the USB mass storage kernel module.
SLES-15-010490 CCI-002007 If Network Security Services (NSS) is being used by the SUSE operating system it must prohibit the use of cached authentications after one day.
SLES-15-010500 CCI-002007 The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to prohibit the use of cached offline authentications after one day.
SLES-15-010510 CCI-002450 FIPS 140-2 mode must be enabled on the SUSE operating system.
SLES-15-010530 CCI-002418 All networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
SLES-15-010540 CCI-002824 The SUSE operating system must implement kptr-restrict to prevent the leaking of internal kernel addresses.
SLES-15-010550 CCI-002824 Address space layout randomization (ASLR) must be implemented by the SUSE operating system to protect memory from unauthorized code execution.
SLES-15-010560 CCI-002617 The SUSE operating system must remove all outdated software components after updated versions have been installed.
SLES-15-010570 CCI-002702 The SUSE operating system must notify the System Administrator (SA) when Advanced Intrusion Detection Environment (AIDE) discovers anomalies in the operation of any security functions.
SLES-15-010580 CCI-001851 The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly.
SLES-15-020000 CCI-000016 The SUSE operating system must provision temporary accounts with an expiration date for 72 hours.
SLES-15-020010 CCI-000044 The SUSE operating system must lock an account after three consecutive invalid access attempts.
SLES-15-020020 CCI-000054 The SUSE operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types.
SLES-15-020030 CCI-000187 The SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).
SLES-15-020040 CCI-000770 The SUSE operating system must deny direct logons to the root account using remote access via SSH.
SLES-15-020050 CCI-000795 The SUSE operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration.
SLES-15-020060 CCI-001682 The SUSE operating system must never automatically remove or disable emergency administrator accounts.
SLES-15-020080 CCI-000366 The SUSE operating system must display the date and time of the last successful account logon upon logon.
SLES-15-020090 CCI-000366 The SUSE operating system must not have unnecessary accounts.
SLES-15-020091 CCI-000366 The SUSE operating system must not have unnecessary account capabilities.
SLES-15-020100 CCI-000366 The SUSE operating system root account must be the only account with unrestricted access to the system.
SLES-15-020101 CCI-000366 The SUSE operating system must restrict privilege elevation to authorized personnel.
SLES-15-020102 CCI-002038 The SUSE operating system must require re-authentication when using the "sudo" command.
SLES-15-020103 CCI-000366 The SUSE operating system must use the invoking user's password for privilege escalation when using "sudo".
SLES-15-020110 CCI-000366 All SUSE operating system local interactive user accounts, upon creation, must be assigned a home directory.
SLES-15-020120 CCI-000366 The SUSE operating system must display the date and time of the last successful account logon upon an SSH logon.
SLES-15-020130 CCI-000192 The SUSE operating system must enforce passwords that contain at least one uppercase character.
SLES-15-020140 CCI-000193 The SUSE operating system must enforce passwords that contain at least one lowercase character.
SLES-15-020150 CCI-000194 The SUSE operating system must enforce passwords that contain at least one numeric character.
SLES-15-020160 CCI-000195 The SUSE operating system must require the change of at least eight of the total number of characters when passwords are changed.
SLES-15-020170 CCI-000196 The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords.
SLES-15-020180 CCI-000196 The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords.
SLES-15-020190 CCI-000196 The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords.
SLES-15-020200 CCI-000198 The SUSE operating system must be configured to create or update passwords with a minimum lifetime of 24 hours (one day).
SLES-15-020210 CCI-000198 The SUSE operating system must employ user passwords with a minimum lifetime of 24 hours (one day).
SLES-15-020220 CCI-000199 The SUSE operating system must be configured to create or update passwords with a maximum lifetime of 60 days.
SLES-15-020230 CCI-000199 The SUSE operating system must employ user passwords with a maximum lifetime of 60 days.
SLES-15-020240 CCI-000200 The SUSE operating system must employ a password history file.
SLES-15-020250 CCI-000200 The SUSE operating system must not allow passwords to be reused for a minimum of five generations.
SLES-15-020260 CCI-000205 The SUSE operating system must employ passwords with a minimum of 15 characters.
SLES-15-020270 CCI-001619 The SUSE operating system must enforce passwords that contain at least one special character.
SLES-15-020290 CCI-000366 The SUSE operating system must prevent the use of dictionary words for passwords.
SLES-15-020300 CCI-000366 The SUSE operating system must not be configured to allow blank or null passwords.
SLES-15-030000 CCI-000018 The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
SLES-15-030010 CCI-000018 The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
SLES-15-030020 CCI-000018 The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
SLES-15-030030 CCI-000018 The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.
SLES-15-030040 CCI-000018 The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
SLES-15-030050 CCI-000130 SUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
SLES-15-030060 CCI-000130 The SUSE operating system must generate audit records for all uses of the ssh-keysign command.
SLES-15-030070 CCI-000130 The SUSE operating system must generate audit records for all uses of the passwd command.
SLES-15-030080 CCI-000130 The SUSE operating system must generate audit records for all uses of the gpasswd command.
SLES-15-030090 CCI-000130 The SUSE operating system must generate audit records for all uses of the newgrp command.
SLES-15-030100 CCI-000130 The SUSE operating system must generate audit records for all uses of the chsh command.
SLES-15-030110 CCI-000130 The SUSE operating system must generate audit records for all uses of the unix_chkpwd or unix2_chkpwd commands.
SLES-15-030120 CCI-000130 The SUSE operating system must generate audit records for all uses of the chage command.
SLES-15-030130 CCI-000130 The SUSE operating system must generate audit records for all uses of the crontab command.
SLES-15-030140 CCI-000130 The SUSE operating system must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory.
SLES-15-030150 CCI-000130 The SUSE operating system must generate audit records for all uses of the open system call.
SLES-15-030160 CCI-000130 The SUSE operating system must generate audit records for all uses of the creat system call.
SLES-15-030170 CCI-000130 The SUSE operating system must generate audit records for all uses of the openat system call.
SLES-15-030180 CCI-000130 The SUSE operating system must generate audit records for all uses of the open_by_handle_at system call.
SLES-15-030190 CCI-000130 The SUSE operating system must generate audit records for all uses of the removexattr system call.
SLES-15-030200 CCI-000130 The SUSE operating system must generate audit records for all uses of the lremovexattr system call.
SLES-15-030210 CCI-000130 The SUSE operating system must generate audit records for all uses of the fremovexattr system call.
SLES-15-030220 CCI-000130 The SUSE operating system must generate audit records for all uses of the setxattr system call.
SLES-15-030230 CCI-000130 The SUSE operating system must generate audit records for all uses of the fsetxattr system call.
SLES-15-030240 CCI-000130 The SUSE operating system must generate audit records for all uses of the lsetxattr system call.
SLES-15-030250 CCI-000130 The SUSE operating system must generate audit records for all uses of the chown system call.
SLES-15-030260 CCI-000130 The SUSE operating system must generate audit records for all uses of the fchown system call.
SLES-15-030270 CCI-000130 The SUSE operating system must generate audit records for all uses of the lchown system call.
SLES-15-030280 CCI-000130 The SUSE operating system must generate audit records for all uses of the fchownat system call.
SLES-15-030290 CCI-000130 The SUSE operating system must generate audit records for all uses of the chmod system call.
SLES-15-030300 CCI-000130 The SUSE operating system must generate audit records for all uses of the fchmod system call.
SLES-15-030310 CCI-000130 The SUSE operating system must generate audit records for all uses of the fchmodat system call.
SLES-15-030320 CCI-000130 The SUSE operating system must generate audit records for all uses of the ftruncate system call.
SLES-15-030330 CCI-000130 The SUSE operating system must generate audit records for all uses of the sudoedit command.
SLES-15-030340 CCI-000130 The SUSE operating system must generate audit records for all uses of the chfn command.
SLES-15-030350 CCI-000130 The SUSE operating system must generate audit records for all uses of the mount system call.
SLES-15-030360 CCI-000130 The SUSE operating system must generate audit records for all uses of the umount system call.
SLES-15-030370 CCI-000130 The SUSE operating system must generate audit records for all uses of the ssh-agent command.
SLES-15-030380 CCI-000130 The SUSE operating system must generate audit records for all uses of the insmod command.
SLES-15-030390 CCI-000130 The SUSE operating system must generate audit records for all uses of the rmmod command.
SLES-15-030400 CCI-000130 The SUSE operating system must generate audit records for all uses of the modprobe command.
SLES-15-030410 CCI-000130 The SUSE operating system must generate audit records for all uses of the kmod command.
SLES-15-030420 CCI-000130 The SUSE operating system must generate audit records for all uses of the chmod command.
SLES-15-030430 CCI-000130 The SUSE operating system must generate audit records for all uses of the setfacl command.
SLES-15-030440 CCI-000130 The SUSE operating system must generate audit records for all uses of the chacl command.
SLES-15-030450 CCI-000130 The SUSE operating system must generate audit records for all uses of the chcon command.
SLES-15-030460 CCI-000130 The SUSE operating system must generate audit records for all uses of the rm command.
SLES-15-030470 CCI-000130 The SUSE operating system must generate audit records for all modifications to the tallylog file.
SLES-15-030480 CCI-000130 The SUSE operating system must generate audit records for all modifications to the lastlog file.
SLES-15-030490 CCI-000130 The SUSE operating system must generate audit records for all uses of the passmass command.
SLES-15-030500 CCI-000130 The SUSE operating system must generate audit records for all uses of the usermod command.
SLES-15-030510 CCI-000130 The SUSE operating system must generate audit records for all uses of the pam_timestamp_check command.
SLES-15-030520 CCI-000130 The SUSE operating system must generate audit records for all uses of the delete_module system call.
SLES-15-030530 CCI-000130 The SUSE operating system must generate audit records for all uses of the finit_module system call.
SLES-15-030540 CCI-000130 The SUSE operating system must generate audit records for all uses of the init_module system call.
SLES-15-030550 CCI-000130 The SUSE operating system must generate audit records for all uses of the su command.
SLES-15-030560 CCI-000130 The SUSE operating system must generate audit records for all uses of the sudo command.
SLES-15-030570 CCI-000139 The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must be alerted of a SUSE operating system audit processing failure event.
SLES-15-030580 CCI-000139 The Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must have mail aliases to be notified of a SUSE operating system audit processing failure.
SLES-15-030590 CCI-000140 The SUSE operating system audit system must take appropriate action when the audit storage volume is full.
SLES-15-030600 CCI-000162 The SUSE operating system must protect audit rules from unauthorized modification.
SLES-15-030610 CCI-000172 The SUSE operating system must generate audit records for all uses of the truncate command.
SLES-15-030620 CCI-001493 The SUSE operating system audit tools must have the proper permissions configured to protect against unauthorized access.
SLES-15-030630 CCI-001496 The SUSE operating system file integrity tool must be configured to protect the integrity of the audit tools.
SLES-15-030640 CCI-001814 The SUSE operating system must generate audit records for all uses of the privileged functions.
SLES-15-030650 CCI-000172 The SUSE operating system must have the auditing package installed.
SLES-15-030660 CCI-001849 The SUSE operating system must allocate audit record storage capacity to store at least one week of audit records when audit records are not immediately sent to a central audit record storage facility.
SLES-15-030670 CCI-001851 The audit-audispd-plugins must be installed on the SUSE operating system.
SLES-15-030680 CCI-001851 The SUSE operating system audit event multiplexor must be configured to use Kerberos.
SLES-15-030690 CCI-001851 Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited.
SLES-15-030700 CCI-001855 The SUSE operating system auditd service must notify the System Administrator (SA) and Information System Security Officer (ISSO) immediately when audit storage capacity is 75 percent full.
SLES-15-030710 CCI-000172 The SUSE operating system must generate audit records for all uses of the rename system call.
SLES-15-030720 CCI-000172 The SUSE operating system must generate audit records for all uses of the renameat system call.
SLES-15-030730 CCI-000172 The SUSE operating system must generate audit records for all uses of the renameat2 system call.
SLES-15-030740 CCI-000172 The SUSE operating system must generate audit records for all uses of the unlink system call.
SLES-15-030750 CCI-000172 The SUSE operating system must generate audit records for all uses of the unlinkat system call.
SLES-15-030760 CCI-000172 The SUSE operating system must generate audit records for the /run/utmp file.
SLES-15-030770 CCI-000172 The SUSE operating system must generate audit records for the /var/log/wtmp file.
SLES-15-030780 CCI-000172 The SUSE operating system must generate audit records for the /var/log/btmp file.
SLES-15-030790 CCI-001851 The SUSE operating system must off-load audit records onto a different system or media from the system being audited.
SLES-15-030800 CCI-001851 Audispd must take appropriate action when the SUSE operating system audit storage is full.
SLES-15-030810 CCI-000366 The SUSE operating system must use a separate file system for the system audit data path.
SLES-15-030820 CCI-000366 The SUSE operating system must not disable syscall auditing.
SLES-15-040000 CCI-000366 The SUSE operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.
SLES-15-040010 CCI-000366 The SUSE operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.
SLES-15-040020 CCI-000366 There must be no .shosts files on the SUSE operating system.
SLES-15-040030 CCI-000366 There must be no shosts.equiv files on the SUSE operating system.
SLES-15-040040 CCI-000366 The SUSE operating system file integrity tool must be configured to verify Access Control Lists (ACLs).
SLES-15-040050 CCI-000366 The SUSE operating system file integrity tool must be configured to verify extended attributes.
SLES-15-040060 CCI-000366 The SUSE operating system must disable the x86 Ctrl-Alt-Delete key sequence.
SLES-15-040061 CCI-000366 The SUSE operating system must disable the x86 Ctrl-Alt-Delete key sequence for Graphical User Interfaces.
SLES-15-040062 CCI-000366 The SUSE operating system must disable the systemd Ctrl-Alt-Delete burst key sequence.
SLES-15-040070 CCI-000366 All SUSE operating system local interactive users must have a home directory assigned in the /etc/passwd file.
SLES-15-040080 CCI-000366 All SUSE operating system local interactive user home directories defined in the /etc/passwd file must exist.
SLES-15-040090 CCI-000366 All SUSE operating system local interactive user home directories must have mode 0750 or less permissive.
SLES-15-040100 CCI-000366 All SUSE operating system local interactive user home directories must be group-owned by the home directory owner's primary group.
SLES-15-040110 CCI-000366 All SUSE operating system local initialization files must have mode 0740 or less permissive.
SLES-15-040120 CCI-000366 All SUSE operating system local interactive user initialization files executable search paths must contain only paths that resolve to the user's home directory.
SLES-15-040130 CCI-000366 All SUSE operating system local initialization files must not execute world-writable programs.
SLES-15-040140 CCI-000366 SUSE operating system file systems that contain user home directories must be mounted to prevent files with the setuid and setgid bit set from being executed.
SLES-15-040150 CCI-000366 SUSE operating system file systems that are used with removable media must be mounted to prevent files with the setuid and setgid bit set from being executed.
SLES-15-040160 CCI-000366 SUSE operating system file systems that are being imported via Network File System (NFS) must be mounted to prevent files with the setuid and setgid bit set from being executed.
SLES-15-040170 CCI-000366 SUSE operating system file systems that are being imported via Network File System (NFS) must be mounted to prevent binary files from being executed.
SLES-15-040180 CCI-000366 All SUSE operating system world-writable directories must be group-owned by root, sys, bin, or an application group.
SLES-15-040190 CCI-000366 SUSE operating system kernel core dumps must be disabled unless needed.
SLES-15-040200 CCI-000366 A separate file system must be used for SUSE operating system user home directories (such as /home or an equivalent).
SLES-15-040210 CCI-000366 The SUSE operating system must use a separate file system for /var.
SLES-15-040220 CCI-000366 The SUSE operating system must be configured to not overwrite Pluggable Authentication Modules (PAM) configuration on package changes.
SLES-15-040230 CCI-000366 The SUSE operating system SSH daemon must be configured to not allow authentication using known hosts authentication.
SLES-15-040240 CCI-000366 The SUSE operating system SSH daemon public host key files must have mode 0644 or less permissive.
SLES-15-040250 CCI-000366 The SUSE operating system SSH daemon private host key files must have mode 0600 or less permissive.
SLES-15-040260 CCI-000366 The SUSE operating system SSH daemon must perform strict mode checking of home directory configuration files.
SLES-15-040280 CCI-000366 The SUSE operating system SSH daemon must not allow compression or must only allow compression after successful authentication.
SLES-15-040290 CCI-000366 The SUSE operating system SSH daemon must disable forwarded remote X connections for interactive users, unless to fulfill documented and validated mission requirements.
SLES-15-040300 CCI-000366 The SUSE operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets.
SLES-15-040310 CCI-000366 The SUSE operating system must not forward Internet Protocol version 6 (IPv6) source-routed packets.
SLES-15-040320 CCI-000366 The SUSE operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default.
SLES-15-040321 CCI-000366 The SUSE operating system must not forward Internet Protocol version 6 (IPv6) source-routed packets by default.
SLES-15-040330 CCI-000366 The SUSE operating system must prevent Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages from being accepted.
SLES-15-040340 CCI-000366 The SUSE operating system must not allow interfaces to accept Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages by default.
SLES-15-040341 CCI-000366 The SUSE operating system must prevent Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages from being accepted.
SLES-15-040350 CCI-000366 The SUSE operating system must not allow interfaces to accept Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages by default.
SLES-15-040360 CCI-000366 The SUSE operating system must not allow interfaces to send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages by default.
SLES-15-040370 CCI-000366 The SUSE operating system must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.
SLES-15-040380 CCI-000366 The SUSE operating system must not be performing Internet Protocol version 4 (IPv4) packet forwarding unless the system is a router.
SLES-15-040381 CCI-000366 The SUSE operating system must not be performing Internet Protocol version 6 (IPv6) packet forwarding unless the system is a router.
SLES-15-040382 CCI-000366 The SUSE operating system must not be performing Internet Protocol version 6 (IPv6) packet forwarding by default unless the system is a router.
SLES-15-040390 CCI-000366 The SUSE operating system must not have network interfaces in promiscuous mode unless approved and documented.
SLES-15-040400 CCI-001230 All SUSE operating system files and directories must have a valid owner.
SLES-15-040410 CCI-001230 All SUSE operating system files and directories must have a valid group owner.
SLES-15-040420 CCI-000366 The SUSE operating system default permissions must be defined in such a way that all authenticated users can only read and modify their own files.
SLES-15-040430 CCI-000366 The SUSE operating system must not allow unattended or automatic logon via the graphical user interface (GUI).
SLES-15-040440 CCI-000366 The SUSE operating system must not allow unattended or automatic logon via SSH.