STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SUSE operating system Apparmor tool must be configured to control whitelisted applications and user home directory access control.

DISA Rule

SV-217158r646719_rule

Vulnerability Number

V-217158

Group Title

SRG-OS-000312-GPOS-00122

Rule Version

SLES-12-010600

Severity

CAT II

CCI(s)

• CCI-002165 - The information system enforces organization-defined discretionary access control policies over defined subjects and objects.
• CCI-002233 - The information system prevents organization-defined software from executing at higher privilege levels than users executing the software.
• CCI-001774 - The organization employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the information system.
• CCI-002235 - The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Weight

10

Fix Recommendation

Configure the SUSE operating system to blacklist all applications by default and permit by whitelist.

Install "pam_apparmor" (if it is not installed) with the following command:

> sudo zypper in pam_apparmor

Enable/activate "Apparmor" (if it is not already active) with the following command:

> sudo systemctl enable apparmor.service

Start "Apparmor" with the following command:

> sudo systemctl start apparmor.service

Note: "pam_apparmor" must have properly configured profiles. All configurations will be based on the actual system setup and organization. See the "pam_apparmor" documentation for more information on configuring profiles.

Check Contents

Verify that the SUSE operating system Apparmor tool is configured to control whitelisted applications and user home directory access control.

Check that "pam_apparmor" is installed on the system with the following command:

> zypper info pam_apparmor | grep "Installed"

If the package "pam_apparmor" is not installed on the system, this is a finding.

Check that the "apparmor" daemon is running with the following command:

> systemctl status apparmor.service | grep -i active

Active: active (exited) since Fri 2017-01-13 01:01:01 GMT; 1day 1h ago

If something other than "Active: active" is returned, this is a finding.

Note: "pam_apparmor" must have properly configured profiles. All configurations will be based on the actual system setup and organization. See the "pam_apparmor" documentation for more information on configuring profiles.

Vulnerability Number

V-217158

Documentable

False

Rule Version

SLES-12-010600

Severity Override Guidance

Verify that the SUSE operating system Apparmor tool is configured to control whitelisted applications and user home directory access control.

Check that "pam_apparmor" is installed on the system with the following command:

> zypper info pam_apparmor | grep "Installed"

If the package "pam_apparmor" is not installed on the system, this is a finding.

Check that the "apparmor" daemon is running with the following command:

> systemctl status apparmor.service | grep -i active

Active: active (exited) since Fri 2017-01-13 01:01:01 GMT; 1day 1h ago

If something other than "Active: active" is returned, this is a finding.

Note: "pam_apparmor" must have properly configured profiles. All configurations will be based on the actual system setup and organization. See the "pam_apparmor" documentation for more information on configuring profiles.

Check Content Reference

M

Target Key

4033

Comments