Guide to the Secure Configuration of SUSE Linux Enterprise 12
with profile DISA STIG for SUSE Linux Enterprise 12This profile contains configuration checks that align to the DISA STIG for SUSE Linux Enterprise 12 V1R2.
https://www.open-scap.org/security-policies/scap-security-guide
scap-security-guide
package which is developed at
https://www.open-scap.org/security-policies/scap-security-guide.
Providing system administrators with such guidance informs them how to securely configure systems under their control in a variety of network roles. Policy makers and baseline creators can use this catalog of settings, with its associated references to higher-level security control catalogs, in order to assist them in security baseline creation. This guide is a catalog, not a checklist, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios. However, the XCCDF format enables granular selection and adjustment of settings, and their association with OVAL and OCIL content provides an automated checking capability. Transformations of this document, and its associated automated checking content, are capable of providing baselines that meet a diverse set of policy objectives. Some example XCCDF Profiles, which are selections of items that form checklists and can be used as baselines, are available with this guide. They can be processed, in an automated fashion, with tools that support the Security Content Automation Protocol (SCAP). The DISA STIG, which provides required settings for US Department of Defense systems, is one example of a baseline created from this guidance.
Profile Information
Profile Title | DISA STIG for SUSE Linux Enterprise 12 |
---|---|
Profile ID | xccdf_org.ssgproject.content_profile_stig |
CPE Platforms
- cpe:/o:suse:linux_enterprise_server:12
Revision History
Current version: 0.1.51
- draft (as of 2020-07-20)
Table of Contents
Checklist
Group Guide to the Secure Configuration of SUSE Linux Enterprise 12 Group contains 5 groups and 2 rules | ||||||||||||||||||||||
Group System Settings Group contains 4 groups and 2 rules | ||||||||||||||||||||||
[ref] Contains rules that check correct system settings. | ||||||||||||||||||||||
Group Installing and Maintaining Software Group contains 3 groups and 2 rules | ||||||||||||||||||||||
[ref] The following sections contain information on security-relevant choices during the initial operating system installation process and the setup of software updates. | ||||||||||||||||||||||
Group Updating Software Group contains 1 rule | ||||||||||||||||||||||
[ref]
The | ||||||||||||||||||||||
| ||||||||||||||||||||||
Group System and Software Integrity Group contains 1 group and 1 rule | ||||||||||||||||||||||
[ref] System and software integrity can be gained by installing antivirus, increasing system encryption strength with FIPS, verifying installed software, enabling SELinux, installing an Intrusion Prevention System, etc. However, installing or enabling integrity checking tools cannot prevent intrusions, but they can detect that an intrusion may have occurred. Requirements for integrity checking may be highly dependent on the environment in which the system will be used. Snapshot-based approaches such as AIDE may induce considerable overhead in the presence of frequent software updates. | ||||||||||||||||||||||
Group Operating System Vendor Support and Certification Group contains 1 rule | ||||||||||||||||||||||
[ref] The assurance of a vendor to provide operating system support and maintenance for their product is an important criterion to ensure product stability and security over the life of the product. A certified product that follows the necessary standards and government certification requirements guarantees that known software vulnerabilities will be remediated, and proper guidance for protecting and securing the operating system will be given. | ||||||||||||||||||||||
|