Guide to the Secure Configuration of SUSE Linux Enterprise 12
with profile DISA STIG for SUSE Linux Enterprise 12This profile contains configuration checks that align to the DISA STIG for SUSE Linux Enterprise 12 V1R2.
https://www.open-scap.org/security-policies/scap-security-guide
scap-security-guide
package which is developed at
https://www.open-scap.org/security-policies/scap-security-guide.
Providing system administrators with such guidance informs them how to securely configure systems under their control in a variety of network roles. Policy makers and baseline creators can use this catalog of settings, with its associated references to higher-level security control catalogs, in order to assist them in security baseline creation. This guide is a catalog, not a checklist, and satisfaction of every item is not likely to be possible or sensible in many operational scenarios. However, the XCCDF format enables granular selection and adjustment of settings, and their association with OVAL and OCIL content provides an automated checking capability. Transformations of this document, and its associated automated checking content, are capable of providing baselines that meet a diverse set of policy objectives. Some example XCCDF Profiles, which are selections of items that form checklists and can be used as baselines, are available with this guide. They can be processed, in an automated fashion, with tools that support the Security Content Automation Protocol (SCAP). The DISA STIG, which provides required settings for US Department of Defense systems, is one example of a baseline created from this guidance.
Profile Information
Profile Title | DISA STIG for SUSE Linux Enterprise 12 |
---|---|
Profile ID | xccdf_org.ssgproject.content_profile_stig |
CPE Platforms
- cpe:/o:suse:linux_enterprise_server:12
Revision History
Current version: 0.1.53
- draft (as of 2020-12-01)
Table of Contents
Checklist
Group Guide to the Secure Configuration of SUSE Linux Enterprise 12 Group contains 5 groups and 2 rules | ||||||||||||||||||||||
Group System Settings Group contains 4 groups and 2 rules | ||||||||||||||||||||||
[ref]
Contains rules that check correct system settings. | ||||||||||||||||||||||
Group Installing and Maintaining Software Group contains 3 groups and 2 rules | ||||||||||||||||||||||
[ref]
The following sections contain information on
security-relevant choices during the initial operating system
installation process and the setup of software
updates. | ||||||||||||||||||||||
Group Updating Software Group contains 1 rule | ||||||||||||||||||||||
[ref]
The zypper command line tool is used to install and
update software packages. The system also provides a graphical
software update tool in the System menu, in the Administration submenu,
called Software Update.
SUSE Linux Enterprise 12 systems contain an installed software catalog called the RPM database, which records metadata of installed packages. Consistently using zypper or the graphical Software Update for all software installation
allows for insight into the current inventory of installed software on the system.
| ||||||||||||||||||||||
| ||||||||||||||||||||||
Group System and Software Integrity Group contains 1 group and 1 rule | ||||||||||||||||||||||
[ref]
System and software integrity can be gained by installing antivirus, increasing
system encryption strength with FIPS, verifying installed software, enabling SELinux,
installing an Intrusion Prevention System, etc. However, installing or enabling integrity
checking tools cannot prevent intrusions, but they can detect that an intrusion
may have occurred. Requirements for integrity checking may be highly dependent on
the environment in which the system will be used. Snapshot-based approaches such
as AIDE may induce considerable overhead in the presence of frequent software updates. | ||||||||||||||||||||||
Group Operating System Vendor Support and Certification Group contains 1 rule | ||||||||||||||||||||||
[ref]
The assurance of a vendor to provide operating system support and maintenance
for their product is an important criterion to ensure product stability and
security over the life of the product. A certified product that follows the
necessary standards and government certification requirements guarantees that
known software vulnerabilities will be remediated, and proper guidance for
protecting and securing the operating system will be given. | ||||||||||||||||||||||
|