oval:org.secpod.oval:def:84514
SSH provides several logging levels with varying amounts of verbosity. DEBUG is specifically not recommended other than strictly for debugging SSH communications since it provides so much data that it is difficult to identify important security information. INFO level is the basic level that only re ... oval:org.secpod.oval:def:84507 The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0". oval:org.secpod.oval:def:84500 Failure to restrict system access via SSH to authenticated users negatively impacts SUSE operating system security. oval:org.secpod.oval:def:84503 TMOUT is an environmental setting that determines the timeout of a shell in seconds. oval:org.secpod.oval:def:84375 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the ... oval:org.secpod.oval:def:84376 Disable Automounting oval:org.secpod.oval:def:84377 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the ... oval:org.secpod.oval:def:84498 The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0". oval:org.secpod.oval:def:84378 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the ... 
oval:org.secpod.oval:def:84499 The default umask for all users specified in /etc/login.defs oval:org.secpod.oval:def:84493 GDM is the GNOME Display Manager which handles graphical login for GNOME based systems. Warning messages inform users who are attempting to login to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monitoring po ... oval:org.secpod.oval:def:84494 The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0". oval:org.secpod.oval:def:84495 The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0". oval:org.secpod.oval:def:84490 Disable X11 forwarding unless there is an operational requirement to use X11 applications directly. There is a small risk that the remote X11 servers of users who are logged in via SSH with X11 forwarding could be compromised by other users on the X11 server. Note that even if X11 forwarding is disa ... oval:org.secpod.oval:def:84485 action_mail_acct setting in /etc/audit/auditd.conf is set to a certain account oval:org.secpod.oval:def:84389 The password hashing algorithm should be set correctly in /etc/login.defs. oval:org.secpod.oval:def:84462 The kernel runtime parameter "kernel.randomize_va_space" should be set to "2". oval:org.secpod.oval:def:84459 The gpgcheck option should be used to ensure that checking of an RPM package's signature always occurs prior to its installation. oval:org.secpod.oval:def:84332 A SUSE operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software. oval:org.secpod.oval:def:84333 Limit the ciphers to those which are FIPS-approved and only use ciphers in counter (CTR) mode. oval:org.secpod.oval:def:84451 The RPM package vsftpd should be removed. 
oval:org.secpod.oval:def:84481 The audit rules should be configured to log information about kernel module loading and unloading. oval:org.secpod.oval:def:84480 Ensure auditd service is enabled and running oval:org.secpod.oval:def:84478 The password minclass should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:84479 The password ocredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:84355 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84477 The passwords to remember should be set correctly. oval:org.secpod.oval:def:84470 The password dcredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:84471 The password difok should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:84468 The password ucredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:84469 The password lcredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:84463 Syslog logs should be sent to a remote loghost oval:org.secpod.oval:def:84465 Root login via SSH should be disabled (and dependencies are met) oval:org.secpod.oval:def:84344 The RPM package telnet-server should be removed. oval:org.secpod.oval:def:84466 Ensure inactive password lock is 30 days or less oval:org.secpod.oval:def:84345 If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion. oval:org.secpod.oval:def:84407 Monitor scope changes for system administrations. 
If the system has been properly configured to force system administrators to log in as themselves first and then use the sudo command to execute privileged commands, it is possible to monitor changes in scope. The file /etc/sudoers will be written t ... oval:org.secpod.oval:def:84400 Ensure only strong MAC algorithms are used oval:org.secpod.oval:def:84433 The SSH ClientAliveCountMax should be set to an appropriate value (and dependencies are met) oval:org.secpod.oval:def:84423 The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1". oval:org.secpod.oval:def:84458 Periodic checking of the filesystem integrity is needed to detect changes to the filesystem. oval:org.secpod.oval:def:84496 The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "0". oval:org.secpod.oval:def:84497 The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0". oval:org.secpod.oval:def:84502 Network interfaces in promiscuous mode allow for the capture of all network traffic visible to the system. If unauthorized individuals can access these applications, it may allow then to collect information such as logon IDs, passwords, and key exchanges between systems. oval:org.secpod.oval:def:84430 Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. oval:org.secpod.oval:def:84515 Providing users with feedback on when account accesses via SSH last occurred facilitates user recognition and reporting of unauthorized account use. oval:org.secpod.oval:def:84360 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84492 The Kernel Parameter for Accepting Source-Routed Packets By Default should be enabled or disabled as appropriate. 
The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "0". oval:org.secpod.oval:def:84372 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84447 Verify that Shared Library Files Have Root Ownership (/lib, /lib64, /usr/lib or /usr/lib64) should be configured appropriately. oval:org.secpod.oval:def:84523 The "nosuid" mount option causes the system to not execute setuid and setgid files with owner privileges. This option must be used for mounting any file system not containing approved setuid and setguid files. Executing files from untrusted file systems increases the opportunity for unprivileged use ... oval:org.secpod.oval:def:84491 The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0". oval:org.secpod.oval:def:84408 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. oval:org.secpod.oval:def:84385 Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The SUSE operating system must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and valida ... 
oval:org.secpod.oval:def:84354 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84452 If the SUSE operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process. oval:org.secpod.oval:def:84362 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84444 It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected. oval:org.secpod.oval:def:84392 The root account is the only system account that should have a login shell. 
oval:org.secpod.oval:def:84390 Providing users with feedback on when account accesses last occurred facilitates user recognition and reporting of unauthorized account use oval:org.secpod.oval:def:84361 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84368 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84366 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84518 Ensure firewalld service is enabled and running oval:org.secpod.oval:def:84401 If the system allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks. oval:org.secpod.oval:def:84369 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84519 An SSH private key is one of two files used in SSH public key authentication. In this authentication method, The possession of the private key is proof of identity. Only a private key that corresponds to a public key will be able to authenticate successfully. The private keys need to be stored and h ... oval:org.secpod.oval:def:84460 The kernel module usb-storage should be disabled. 
oval:org.secpod.oval:def:84474 The minimum password age policy should be set appropriately. oval:org.secpod.oval:def:84334 The executable search path (typically the PATH environment variable) contains a list of directories for the shell to search to find executables. If this path includes the current working directory (other than the user's home directory), executables in these directories may be executed instead of sys ... oval:org.secpod.oval:def:84358 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84437 A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In the graphical envir ... oval:org.secpod.oval:def:84509 Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when IPv4 for ... oval:org.secpod.oval:def:84424 Ensure firewalld service is enabled and running oval:org.secpod.oval:def:84387 The number of allowed failed logins should be set correctly. oval:org.secpod.oval:def:84456 Group ownership for /bin, /usr/bin, /usr/local/bin, /sbin, /usr/sbin and /usr/local/sbin should be set correctly. oval:org.secpod.oval:def:84508 Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. 
This requirement applies only to the forwarding of source-routed traffic, such as when IPv4 for ... oval:org.secpod.oval:def:84429 The maximum password age policy should meet minimum requirements. oval:org.secpod.oval:def:84380 The use of wireless networking can introduce many different attack vectors into the organization's network. Common attack vectors such as malicious association and ad hoc networks will allow an attacker to spoof a wireless access point (AP), allowing validated systems to connect to the malicious AP ... oval:org.secpod.oval:def:84343 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. oval:org.secpod.oval:def:84348 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84521 The "nosuid" mount option causes the system to not execute setuid and setgid files with owner privileges. This option must be used for mounting any file system not containing approved setuid and setguid files. Executing files from untrusted file systems increases the opportunity for unprivileged use ... oval:org.secpod.oval:def:84512 If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection, potentially with root privileges. oval:org.secpod.oval:def:84488 The /var directory is used by daemons and other system services to temporarily store dynamic data. Some directories created by these processes may be world-writable. 
oval:org.secpod.oval:def:84367 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84339 The audit-audispd-plugins must be installed on the SUSE operating system. oval:org.secpod.oval:def:84522 The "nosuid" mount option causes the system to not execute setuid and setgid files with owner privileges. This option must be used for mounting any file system not containing approved setuid and setguid files. Executing files from untrusted file systems increases the opportunity for unprivileged use ... oval:org.secpod.oval:def:84516 Ensure sshd service is enabled and running oval:org.secpod.oval:def:84445 Verify that Shared Library Files Have Restrictive Permissions (/lib, /lib64, /usr/lib or /usr/lib64) should be configured appropriately. oval:org.secpod.oval:def:84434 Ensure users' home directories permissions are 750 or more restrictive oval:org.secpod.oval:def:84476 The maximum password age policy should meet minimum requirements. oval:org.secpod.oval:def:84357 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84467 Ensure root is the only UID 0 account oval:org.secpod.oval:def:84412 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within th ... 
oval:org.secpod.oval:def:84415 The default umask for all users specified in /etc/login.defs oval:org.secpod.oval:def:84484 The audit rules should be configured to log information about kernel module loading and unloading. oval:org.secpod.oval:def:84397 The password hashing algorithm should be set correctly in /etc/pam.d/common-password. oval:org.secpod.oval:def:84442 The banner must be acknowledged by the user prior to allowing the user access to the SUSE operating system. This provides assurance that the user has seen the message and accepted the conditions for access. If the consent banner is not acknowledged by the user, DoD will not be in compliance with sys ... oval:org.secpod.oval:def:84341 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. oval:org.secpod.oval:def:84411 Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. 
oval:org.secpod.oval:def:84353 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84350 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84359 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84511 If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection, potentially with root privileges. oval:org.secpod.oval:def:84403 Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply create a new account. Auditing of account creation mitigates this risk. oval:org.secpod.oval:def:84413 Information stored in one location is vulnerable to accidental or incidental deletion or alteration.Off-loading is a common process in information systems with limited audit storage capacity. 
oval:org.secpod.oval:def:84363 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84422 Without path validation, an informed trust decision by the relying party cannot be made when presented with any certificate not already explicitly trusted. oval:org.secpod.oval:def:84417 The SUSE operating system must enforce a delay of at least few seconds between logon prompts following a failed logon attempt. oval:org.secpod.oval:def:84349 Setting the boot loader password will require that anyone rebooting the system must enter a password before being able to set command line boot parameters. oval:org.secpod.oval:def:84352 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84425 Using an authentication device, such as a Common Access Card (CAC) or token separate from the information system, ensures credentials stored on the authentication device will not be affected if the information system is compromised. oval:org.secpod.oval:def:84486 auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk oval:org.secpod.oval:def:84482 GDM is the GNOME Display Manager which handles graphical login for GNOME based systems. Warning messages inform users who are attempting to login to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monitoring policies th ... oval:org.secpod.oval:def:84454 File permissions for /bin, /usr/bin, /usr/local/bin, /sbin, /usr/sbin and /usr/local/sbin should be set correctly. 
oval:org.secpod.oval:def:84431 Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. oval:org.secpod.oval:def:84373 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84506 The kernel runtime parameter "net.ipv6.conf.all.accept_redirects" should be set to "0". oval:org.secpod.oval:def:84371 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84335 Allowing devices and users to connect to or from the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Audit events that may include sensitive data must be encrypted prior to transmission. Kerberos provides a mechanism to provide both authentica ... oval:org.secpod.oval:def:84351 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84428 Using an authentication device, such as a Common Access Card (CAC) or token separate from the information system, ensures that even if the information system is compromised, that compromise will not affect credentials stored on the authentication device. oval:org.secpod.oval:def:84416 The banner must be acknowledged by the user prior to allowing the user access to the SUSE operating system. This provides assurance that the user has seen the message and accepted the conditions for access. 
If the consent banner is not acknowledged by the user, DoD will not be in compliance with sys ... oval:org.secpod.oval:def:84364 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84395 The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their password and confirms your request to execute a command by checking a file, called sudoers. If the "sudoers" file is not configured correctly, any user defined on the system can ... oval:org.secpod.oval:def:84393 The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their password and confirms your request to execute a command by checking a file, called sudoers. If the "sudoers" file is not configured correctly, any user defined on the system can ... oval:org.secpod.oval:def:84520 An SSH public key is one of two files used in SSH public key authentication. In this authentication method, a public key is a key that can be used for verifying digital signatures generated using a corresponding private key. Only a public key that corresponds to a private key will be able to authent ... oval:org.secpod.oval:def:84356 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84510 Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution preve ... 
oval:org.secpod.oval:def:84342 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. oval:org.secpod.oval:def:84441 It is important to ensure that log files have the correct permissions to ensure that sensitive data is archived and protected. Other/world should not have the ability to view this information. Group should not have the ability to modify this information. oval:org.secpod.oval:def:84414 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. oval:org.secpod.oval:def:84449 Verify that Shared Library Files Have group Root Ownership (/lib, /lib64, /usr/lib or /usr/lib64) should be configured appropriately. oval:org.secpod.oval:def:84370 Ensure root is the only UID 0 account oval:org.secpod.oval:def:84483 The audit rules should be configured to log information about kernel module loading and unloading. oval:org.secpod.oval:def:84426 Emergency accounts are privileged accounts that are established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activation may bypass normal account authorization processes. If these accounts are automatically disabled, system ma ... oval:org.secpod.oval:def:84347 Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. At a minimum, the organization must audit the full-text recording of privileged commands. The organization must maintain audit trails in sufficient detail to reconstruct events t ... 
oval:org.secpod.oval:def:84346 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the ... oval:org.secpod.oval:def:84440 Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. oval:org.secpod.oval:def:84379 The kbd must be installed on the SUSE operating system. oval:org.secpod.oval:def:84394 Without re-authentication, users may access resources or perform tasks for which they do not have authorization. oval:org.secpod.oval:def:84461 System use notifications are required only for access via logon interfaces with human users and are not required when such human interfaces do not exist. oval:org.secpod.oval:def:84410 Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. oval:org.secpod.oval:def:84517 Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps may consume a considerable amount of disk space and may result in denial of service by exhausting the available space on the target file system partition. oval:org.secpod.oval:def:84386 Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software automatically from the information system. oval:org.secpod.oval:def:84340 By default, the SUSE operating system includes the "-a task,never" audit rule as a default. This rule suppresses syscall auditing for all tasks started with this rule in effect. Because the audit daemon processes the "audit.rules" file from the top down, this rule supersedes all other defined syscal ... 
oval:org.secpod.oval:def:84427 Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allo ... oval:org.secpod.oval:def:84396 If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own. oval:org.secpod.oval:def:84436 If any users' home directories do not exist, create them and make sure the respective user owns the directory. Users without an assigned home directory should be removed or assigned a home directory as appropriate. oval:org.secpod.oval:def:84383 Audit actions taken by system administrators on the system. oval:org.secpod.oval:def:84505 Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network oval:org.secpod.oval:def:84374 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one oval:org.secpod.oval:def:84398 The default umask for all users specified in /etc/login.defs oval:org.secpod.oval:def:84405 The system must use a strong hashing algorithm to store the password. The system must use a sufficient number of hashing rounds to ensure the required level of entropy. oval:org.secpod.oval:def:84402 Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. 
oval:org.secpod.oval:def:84381 Ensure apparmor service is enabled and running.
oval:org.secpod.oval:def:84489 The /home directory is used to support disk storage needs of local users.
oval:org.secpod.oval:def:84432 There are two important reasons to ensure that data gathered by is stored on a separate partition: protection against resource exhaustion (since the audit.log file can grow quite large) and protection of audit data. The audit daemon calculates how much free space is left and performs actions based ...
oval:org.secpod.oval:def:84504 Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
oval:org.secpod.oval:def:84439 Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
oval:org.secpod.oval:def:84406 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
oval:org.secpod.oval:def:84399 Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end re ...
oval:org.secpod.oval:def:84365 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
oval:org.secpod.oval:def:84438 Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
oval:org.secpod.oval:def:84443 If anomalies are not acted on, security functions may fail to secure the system.
oval:org.secpod.oval:def:84472 The banner must be acknowledged by the user prior to allowing the user access to the SUSE operating system. This provides assurance that the user has seen the message and accepted the conditions for access. If the consent banner is not acknowledged by the user, DoD will not be in compliance with sys ...
oval:org.secpod.oval:def:84337 Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
oval:org.secpod.oval:def:84513 Configuring this setting for the SSH daemon provides additional assurance that remote logon via SSH will require a password, even in the event of misconfiguration elsewhere.
oval:org.secpod.oval:def:84464 The maximum number of concurrent login sessions per user should meet minimum requirements.
oval:org.secpod.oval:def:84524 The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain una ...
oval:org.secpod.oval:def:84404 Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to simply create a new account. Auditing of account creation mitigates this risk.
oval:org.secpod.oval:def:84501 Failure to restrict system access to authenticated users negatively impacts SUSE operating system security.
oval:org.secpod.oval:def:84382 Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
oval:org.secpod.oval:def:84420 If the Group Identifier (GID) of a local interactive user's home directory is not the same as the primary GID of the user, this would allow unauthorized access to the user's files, and users that share the same group may not be able to access files that they legitimately should.
oval:org.secpod.oval:def:84388 Using an authentication device, such as a Common Access Card (CAC) or token that is separate from the information system, ensures that even if the information system is compromised, that compromise will not affect credentials stored on the authentication device.
oval:org.secpod.oval:def:84338 Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
oval:org.secpod.oval:def:84336 Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.
oval:org.secpod.oval:def:84384 If cached authentication information is out of date, the validity of the authentication information may be questionable.
oval:org.secpod.oval:def:84487 If any user home directories do not exist, create them and make sure the respective user owns the directory. Users without an assigned home directory should be removed or assigned a home directory as appropriate.
oval:org.secpod.oval:def:84419 A locally logged-on user, who presses Ctrl-Alt-Delete when at the console, can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In the graphical user ...
oval:org.secpod.oval:def:84409 The SSH idle timeout interval should be set to an appropriate value.
oval:org.secpod.oval:def:84418 Ensure ctrl-alt-del.target service is masked.
oval:org.secpod.oval:def:84473 The minimum password age policy should be set appropriately.
oval:org.secpod.oval:def:84475 The maximum password age policy should meet minimum requirements.