Ensure mounting of FAT filesystems is limited – modprobe msdos
Details The FAT filesystem format is primarily used on older windows systems and portable USB drives or flash modules. It...
- Home
- Security Hardening
- CIS SUSE Linux Enterprise 15 Server L2 V1.1.1
CIS SUSE Linux Enterprise 15 Server L2 V1.1.1
Ensure mounting of FAT filesystems is limited – modprobe vfat
Details The FAT filesystem format is primarily used on older windows systems and portable USB drives or flash modules. It...Ensure mounting of squashfs filesystems is disabled
Details The squashfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems (similar to cramfs). A...Ensure SCTP is disabled – lsmod
Details The Stream Control Transmission Protocol (SCTP) is a transport layer protocol used to support message oriented communication, with several...Ensure SCTP is disabled – modprobe
Details The Stream Control Transmission Protocol (SCTP) is a transport layer protocol used to support message oriented communication, with several...Ensure separate partition exists for /home
Details The /home directory is used to support disk storage needs of local users. Rationale: If the system is intended...Ensure separate partition exists for /var
Details The /var directory is used by daemons and other system services to temporarily store dynamic data. Some directories created...Ensure separate partition exists for /var/log
Details The /var/log directory is used by system services to store log data. Rationale: There are two important reasons to...Ensure separate partition exists for /var/log/audit
Details The auditing daemon, auditd , stores log data in the /var/log/audit directory. Note: When modifying /var/log/audit it is advisable...Ensure separate partition exists for /var/tmp
Details The /var/tmp directory is a world-writable directory used for temporary storage by all users and some applications and is...