STIGQter STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

SUSE operating system AppArmor tool must be configured to control whitelisted applications and user home directory access control.

DISA Rule

SV-234848r622137_rule

Vulnerability Number

V-234848

Group Title

SRG-OS-000312-GPOS-00122

Rule Version

SLES-15-010390

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SUSE operating system to blacklist all applications by default and permit by whitelist.

Install "pam_apparmor" (if it is not installed) with the following command:

> sudo zypper in pam_apparmor

Enable/activate "Apparmor" (if it is not already active) with the following command:

> sudo systemctl enable apparmor.service

Start "Apparmor" with the following command:

> sudo systemctl start apparmor.service

Note: "pam_apparmor" must have properly configured profiles. All configurations will be based on the actual system setup and organization. See the "pam_apparmor" documentation for more information on configuring profiles.

Check Contents

Verify that the SUSE operating system AppArmor tool is configured to control whitelisted applications and user home directory access control.

Check that "pam_apparmor" is installed on the system with the following command:

> zypper info pam_apparmor | grep "Installed"

If the package "pam_apparmor" is not installed on the system, this is a finding.

Check that the "apparmor" daemon is running with the following command:

> systemctl status apparmor.service | grep -i active

Active: active (exited) since Fri 2017-01-13 01:01:01 GMT; 1day 1h ago

If something other than "Active: active" is returned, this is a finding.

Note: "pam_apparmor" must have properly configured profiles. All configurations will be based on the actual system setup and organization. See the "pam_apparmor" documentation for more information on configuring profiles.

Vulnerability Number

V-234848

Documentable

False

Rule Version

SLES-15-010390

Severity Override Guidance

Verify that the SUSE operating system AppArmor tool is configured to control whitelisted applications and user home directory access control.

Check that "pam_apparmor" is installed on the system with the following command:

> zypper info pam_apparmor | grep "Installed"

If the package "pam_apparmor" is not installed on the system, this is a finding.

Check that the "apparmor" daemon is running with the following command:

> systemctl status apparmor.service | grep -i active

Active: active (exited) since Fri 2017-01-13 01:01:01 GMT; 1day 1h ago

If something other than "Active: active" is returned, this is a finding.

Note: "pam_apparmor" must have properly configured profiles. All configurations will be based on the actual system setup and organization. See the "pam_apparmor" documentation for more information on configuring profiles.

Check Content Reference

M

Target Key

5274

Comments