STIGQter STIGQter: STIG Summary:

SLES 12 Security Technical Implementation Guide

Version: 2

Release: 3 Benchmark Date: 23 Apr 2021

CheckedNameTitle
SV-217101r603262_ruleThe SUSE operating system must be a vendor-supported release.
SV-217102r603262_ruleVendor-packaged SUSE operating system security patches and updates must be installed and up to date.
SV-217103r603262_ruleThe SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner until users acknowledge the usage conditions and take explicit actions to log on for further access to the local graphical user interface.
SV-217104r603262_ruleThe SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access via local console.
SV-217105r646678_ruleThe SUSE operating system must display a banner before granting local or remote access to the system via a graphical user logon.
SV-217106r646681_ruleThe SUSE operating system must display the approved Standard Mandatory DoD Notice before granting local or remote access to the system via a graphical user logon.
SV-217107r603262_ruleThe SUSE operating system must be able to lock the graphical user interface (GUI).
SV-217108r603262_ruleThe SUSE operating system must utilize vlock to allow for session locking.
SV-217109r646684_ruleThe SUSE operating system must initiate a session lock after a 15-minute period of inactivity for the graphical user interface.
SV-217110r603262_ruleThe SUSE operating system must initiate a session lock after a 15-minute period of inactivity.
SV-217111r603262_ruleThe SUSE operating system must conceal, via the session lock, information previously visible on the display with a publicly viewable image in the graphical user interface.
SV-217112r646686_ruleThe SUSE operating system must reauthenticate users when changing authenticators, roles, or escalating privileges.
SV-217113r603262_ruleThe SUSE operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types.
SV-217114r603262_ruleThe SUSE operating system must lock an account after three consecutive invalid access attempts.
SV-217116r603262_ruleThe SUSE operating system must enforce a delay of at least four (4) seconds between logon prompts following a failed logon attempt.
SV-217117r603262_ruleThe SUSE operating system must enforce passwords that contain at least one upper-case character.
SV-217118r603262_ruleThe SUSE operating system must enforce passwords that contain at least one lower-case character.
SV-217119r603262_ruleThe SUSE operating system must enforce passwords that contain at least one numeric character.
SV-217120r603262_ruleThe SUSE operating system must enforce passwords that contain at least one special character.
SV-217121r603262_ruleThe SUSE operating system must require the change of at least eight (8) of the total number of characters when passwords are changed.
SV-217122r646689_ruleThe SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs).
SV-217123r646692_ruleThe SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords.
SV-217124r603262_ruleThe SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords.
SV-217125r603262_ruleThe SUSE operating system must not be configured to allow blank or null passwords.
SV-217126r603262_ruleThe SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords.
SV-217127r603262_ruleThe SUSE operating system must employ passwords with a minimum of 15 characters.
SV-217128r646695_ruleThe SUSE operating system must be configured to create or update passwords with a minimum lifetime of 24 hours (one day).
SV-217129r646698_ruleThe SUSE operating system must employ user passwords with a minimum lifetime of 24 hours (one day).
SV-217130r646701_ruleThe SUSE operating system must be configured to create or update passwords with a maximum lifetime of 60 days.
SV-217131r646704_ruleThe SUSE operating system must employ user passwords with a maximum lifetime of 60 days.
SV-217132r603262_ruleThe SUSE operating system must employ a password history file.
SV-217133r603262_ruleThe SUSE operating system must not allow passwords to be reused for a minimum of five (5) generations.
SV-217134r603262_ruleThe SUSE operating system must prevent the use of dictionary words for passwords.
SV-217135r603262_ruleThe SUSE operating system must never automatically remove or disable emergency administrator accounts.
SV-217136r603262_ruleThe SUSE operating system must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration.
SV-217137r603262_ruleThe SUSE operating system must provision temporary accounts with an expiration date for 72 hours.
SV-217138r603262_ruleThe SUSE operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.
SV-217139r646707_ruleThe SUSE operating system must not allow unattended or automatic logon via the graphical user interface.
SV-217140r646709_ruleThe SUSE operating system must display the date and time of the last successful account logon upon logon.
SV-217141r603262_ruleThere must be no .shosts files on the SUSE operating system.
SV-217142r603262_ruleThere must be no shosts.equiv files on the SUSE operating system.
SV-217143r603262_ruleFIPS 140-2 mode must be enabled on the SUSE operating system.
SV-217144r603262_ruleSUSE operating systems with a basic input/output system (BIOS) must require authentication upon booting into single-user and maintenance modes.
SV-217145r603262_ruleSUSE operating systems with Unified Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance.
SV-217146r603262_ruleAll SUSE operating system persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection.
SV-217147r603262_ruleThe sticky bit must be set on all SUSE operating system world-writable directories.
SV-217148r603262_ruleAdvanced Intrusion Detection Environment (AIDE) must verify the baseline SUSE operating system configuration at least weekly.
SV-217149r603262_ruleThe SUSE operating system must notify the System Administrator (SA) when AIDE discovers anomalies in the operation of any security functions.
SV-217150r646711_ruleThe SUSE operating system file integrity tool must be configured to verify Access Control Lists (ACLs).
SV-217151r646713_ruleThe SUSE operating system file integrity tool must be configured to verify extended attributes.
SV-217152r603262_ruleThe SUSE operating system file integrity tool must be configured to protect the integrity of the audit tools.
SV-217153r646716_ruleThe SUSE operating system tool zypper must have gpgcheck enabled.
SV-217154r603262_ruleThe SUSE operating system must remove all outdated software components after updated versions have been installed.
SV-217155r603262_ruleThe SUSE operating system must disable the USB mass storage kernel module.
SV-217156r603262_ruleThe SUSE operating system must disable the file system automounter unless required.
SV-217158r646719_ruleThe SUSE operating system Apparmor tool must be configured to control whitelisted applications and user home directory access control.
SV-217159r646722_ruleThe SUSE operating system must disable the x86 Ctrl-Alt-Delete key sequence.
SV-217160r646725_ruleThe SUSE operating system must disable the x86 Ctrl-Alt-Delete key sequence for Graphical User Interfaces.
SV-217161r603262_ruleThe SUSE operating system default permissions must be defined in such a way that all authenticated users can only read and modify their own files.
SV-217162r603262_ruleThe SUSE operating system must not have unnecessary accounts.
SV-217163r603262_ruleThe SUSE operating system must not have duplicate User IDs (UIDs) for interactive users.
SV-217164r603262_ruleThe SUSE operating system root account must be the only account having unrestricted access to the system.
SV-217166r603262_ruleIf Network Security Services (NSS) is being used by the SUSE operating system it must prohibit the use of cached authentications after one day.
SV-217167r603262_ruleThe SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to prohibit the use of cached offline authentications after one day.
SV-217168r603262_ruleAll SUSE operating system files and directories must have a valid owner.
SV-217169r603262_ruleAll SUSE operating system files and directories must have a valid group owner.
SV-217170r646728_ruleAll SUSE operating system local interactive users must have a home directory assigned in the /etc/passwd file.
SV-217171r603262_ruleAll SUSE operating system local interactive user accounts, upon creation, must be assigned a home directory.
SV-217172r603885_ruleAll SUSE operating system local interactive user home directories defined in the /etc/passwd file must exist.
SV-217173r603887_ruleAll SUSE operating system local interactive user home directories must have mode 0750 or less permissive.
SV-217174r603889_ruleAll SUSE operating system local interactive user home directories must be group-owned by the home directory owners primary group.
SV-217175r603262_ruleAll SUSE operating system local initialization files must have mode 0740 or less permissive.
SV-217176r603262_ruleAll SUSE operating system local interactive user initialization files executable search paths must contain only paths that resolve to the users home directory.
SV-217177r646731_ruleAll SUSE operating system local initialization files must not execute world-writable programs.
SV-217178r603891_ruleSUSE operating system file systems that contain user home directories must be mounted to prevent files with the setuid and setgid bit set from being executed.
SV-217179r603262_ruleSUSE operating system file systems that are used with removable media must be mounted to prevent files with the setuid and setgid bit set from being executed.
SV-217180r603262_ruleSUSE operating system file systems that are being imported via Network File System (NFS) must be mounted to prevent files with the setuid and setgid bit set from being executed.
SV-217181r603262_ruleSUSE operating system file systems that are being imported via Network File System (NFS) must be mounted to prevent binary files from being executed.
SV-217182r603262_ruleAll SUSE operating system world-writable directories must be group-owned by root, sys, bin, or an application group.
SV-217183r603262_ruleSUSE operating system kernel core dumps must be disabled unless needed.
SV-217184r603893_ruleA separate file system must be used for SUSE operating system user home directories (such as /home or an equivalent).
SV-217185r603262_ruleThe SUSE operating system must use a separate file system for /var.
SV-217186r603262_ruleThe SUSE operating system must use a separate file system for the system audit data path.
SV-217188r646734_ruleThe SUSE operating system must prevent unauthorized users from accessing system error messages.
SV-217189r646737_ruleThe SUSE operating system must be configured to not overwrite Pluggable Authentication Modules (PAM) configuration on package changes.
SV-217190r603262_ruleThe SUSE operating system must have the auditing package installed.
SV-217191r603262_ruleSUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
SV-217192r603262_ruleThe SUSE operating system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility.
SV-217193r603262_ruleThe SUSE operating system auditd service must notify the System Administrator (SA) and Information System Security Officer (ISSO) immediately when audit storage capacity is 75 percent full.
SV-217194r603262_ruleThe Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must be alerted of a SUSE operating system audit processing failure event.
SV-217195r646740_ruleThe Information System Security Officer (ISSO) and System Administrator (SA), at a minimum, must have mail aliases to be notified of a SUSE operating system audit processing failure.
SV-217196r603262_ruleThe SUSE operating system audit system must take appropriate action when the audit storage volume is full.
SV-217197r603262_ruleThe audit-audispd-plugins must be installed on the SUSE operating system.
SV-217198r603262_ruleThe SUSE operating system audit event multiplexor must be configured to use Kerberos.
SV-217199r603262_ruleAudispd must off-load audit records onto a different system or media from the SUSE operating system being audited.
SV-217200r603262_ruleThe audit system must take appropriate action when the network cannot be used to off-load audit records.
SV-217201r603262_ruleAudispd must take appropriate action when the SUSE operating system audit storage is full.
SV-217202r603262_ruleThe SUSE operating system must protect audit rules from unauthorized modification.
SV-217203r646743_ruleThe SUSE operating system audit tools must have the proper permissions configured to protect against unauthorized access.
SV-217204r646746_ruleThe SUSE operating system must not disable syscall auditing.
SV-217205r603262_ruleThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
SV-217206r603262_ruleThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
SV-217207r603262_ruleThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
SV-217208r603262_ruleThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.
SV-217209r603262_ruleThe SUSE operating system must generate audit records for all uses of the privileged functions.
SV-217210r603896_ruleThe SUSE operating system must generate audit records for all uses of the su command.
SV-217211r603899_ruleThe SUSE operating system must generate audit records for all uses of the sudo command.
SV-217212r603902_ruleThe SUSE operating system must generate audit records for all uses of the chfn command.
SV-217213r603262_ruleThe SUSE operating system must generate audit records for all uses of the mount command.
SV-217214r603262_ruleThe SUSE operating system must generate audit records for all uses of the umount command.
SV-217215r603905_ruleThe SUSE operating system must generate audit records for all uses of the ssh-agent command.
SV-217216r603908_ruleThe SUSE operating system must generate audit records for all uses of the ssh-keysign command.
SV-217217r603262_ruleThe SUSE operating system must generate audit records for all uses of the kmod command.
SV-217218r603262_ruleThe SUSE operating system must generate audit records for all uses of the setxattr command.
SV-217219r603262_ruleThe SUSE operating system must generate audit records for all uses of the fsetxattr command.
SV-217220r603262_ruleThe SUSE operating system must generate audit records for all uses of the removexattr command.
SV-217221r603262_ruleThe SUSE operating system must generate audit records for all uses of the lremovexattr command.
SV-217222r603262_ruleThe SUSE operating system must generate audit records for all uses of the fremovexattr command.
SV-217223r603262_ruleThe SUSE operating system must generate audit records for all uses of the chown command.
SV-217224r603262_ruleThe SUSE operating system must generate audit records for all uses of the fchown command.
SV-217225r603262_ruleThe SUSE operating system must generate audit records for all uses of the lchown command.
SV-217226r603262_ruleThe SUSE operating system must generate audit records for all uses of the fchownat command.
SV-217227r603262_ruleThe SUSE operating system must generate audit records for all uses of the chmod command.
SV-217228r603262_ruleThe SUSE operating system must generate audit records for all uses of the fchmod command.
SV-217229r603262_ruleThe SUSE operating system must generate audit records for all uses of the fchmodat command.
SV-217230r603262_ruleThe SUSE operating system must generate audit records for all uses of the open command.
SV-217231r603262_ruleThe SUSE operating system must generate audit records for all uses of the truncate command.
SV-217232r603262_ruleThe SUSE operating system must generate audit records for all uses of the ftruncate command.
SV-217233r603262_ruleThe SUSE operating system must generate audit records for all uses of the creat command.
SV-217234r603262_ruleThe SUSE operating system must generate audit records for all uses of the openat command.
SV-217235r603262_ruleThe SUSE operating system must generate audit records for all uses of the open_by_handle_at command.
SV-217236r603911_ruleThe SUSE operating system must generate audit records for all uses of the passwd command.
SV-217237r603914_ruleThe SUSE operating system must generate audit records for all uses of the gpasswd command.
SV-217238r603917_ruleThe SUSE operating system must generate audit records for all uses of the newgrp command.
SV-217239r603920_ruleThe SUSE operating system must generate audit records for a uses of the chsh command.
SV-217240r603262_ruleThe SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
SV-217241r603923_ruleThe SUSE operating system must generate audit records for all uses of the chmod command.
SV-217242r603926_ruleThe SUSE operating system must generate audit records for all uses of the setfacl command.
SV-217243r603929_ruleThe SUSE operating system must generate audit records for all uses of the chacl command.
SV-217244r603932_ruleSuccessful/unsuccessful attempts to modify categories of information (e.g., classification levels) must generate audit records.
SV-217245r603935_ruleThe SUSE operating system must generate audit records for all uses of the rm command.
SV-217246r603262_ruleThe SUSE operating system must generate audit records for all modifications to the tallylog file must generate an audit record.
SV-217247r603262_ruleThe SUSE operating system must generate audit records for all modifications to the lastlog file.
SV-217248r603938_ruleThe SUSE operating system must generate audit records for all uses of the passmass command.
SV-217249r603941_ruleThe SUSE operating system must generate audit records for all uses of the unix_chkpwd command.
SV-217250r603944_ruleThe SUSE operating system must generate audit records for all uses of the chage command.
SV-217251r603947_ruleThe SUSE operating system must generate audit records for all uses of the usermod command.
SV-217252r603950_ruleThe SUSE operating system must generate audit records for all uses of the crontab command.
SV-217253r603953_ruleThe SUSE operating system must generate audit records for all uses of the pam_timestamp_check command.
SV-217254r603262_ruleThe SUSE operating system must generate audit records for all uses of the delete_module command.
SV-217255r603262_ruleThe SUSE operating system must generate audit records for all uses of the finit_module command.
SV-217256r603262_ruleThe SUSE operating system must generate audit records for all uses of the init_module command.
SV-217257r603262_ruleThe SUSE operating system must generate audit records for all modifications to the faillog file.
SV-217258r603262_ruleThe SUSE operating system must not have the telnet-server package installed.
SV-217260r603262_ruleThe SUSE operating system file /etc/gdm/banner must contain the Standard Mandatory DoD Notice and Consent banner text.
SV-217261r603262_ruleThe SUSE operating system must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.
SV-217262r603262_ruleSuSEfirewall2 must protect against or limit the effects of Denial-of-Service (DoS) attacks on the SUSE operating system by implementing rate-limiting measures on impacted network interfaces.
SV-217263r603262_ruleThe SUSE operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access via SSH.
SV-217264r603262_ruleAll networked SUSE operating systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
SV-217265r603262_ruleThe SUSE operating system must log SSH connection attempts and failures to the server.
SV-217266r603262_ruleThe SUSE operating system must display the date and time of the last successful account logon upon an SSH logon.
SV-217267r603262_ruleThe SUSE operating system must deny direct logons to the root account using remote access via SSH.
SV-217268r603262_ruleThe SUSE operating system must not allow automatic logon via SSH.
SV-217269r646747_ruleThe SUSE operating system must not allow users to override SSH environment variables.
SV-217270r603956_ruleThe SUSE operating system must implement DoD-approved encryption to protect the confidentiality of SSH remote connections.
SV-217271r603959_ruleThe SUSE operating system SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.
SV-217272r603262_ruleThe SUSE operating system SSH daemon must be configured with a timeout interval.
SV-217273r603961_ruleThe SUSE operating system for all network connections associated with SSH traffic must immediately terminate at the end of the session or after 10 minutes of inactivity.
SV-217274r603262_ruleThe SUSE operating system SSH daemon must be configured to not allow authentication using known hosts authentication.
SV-217275r646750_ruleThe SUSE operating system SSH daemon public host key files must have mode 0644 or less permissive.
SV-217276r646753_ruleThe SUSE operating system SSH daemon private host key files must have mode 0600 or less permissive.
SV-217277r603262_ruleThe SUSE operating system SSH daemon must perform strict mode checking of home directory configuration files.
SV-217278r603262_ruleThe SUSE operating system SSH daemon must use privilege separation.
SV-217279r603262_ruleThe SUSE operating system SSH daemon must not allow compression or must only allow compression after successful authentication.
SV-217280r603964_ruleThe SUSE operating system SSH daemon must disable forwarded remote X connections for interactive users, unless to fulfill documented and validated mission requirements.
SV-217281r646755_ruleThe SUSE operating system clock must, for networked systems, be synchronized to an authoritative DoD time source at least every 24 hours.
SV-217282r646758_ruleThe SUSE operating system must be configured to use Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
SV-217283r646761_ruleThe SUSE operating system must implement kptr-restrict to prevent the leaking of internal kernel addresses.
SV-217284r646764_ruleAddress space layout randomization (ASLR) must be implemented by the SUSE operating system to protect memory from unauthorized code execution.
SV-217285r603262_ruleThe SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly.
SV-217286r603262_ruleThe SUSE operating system must be configured to use TCP syncookies.
SV-217287r603262_ruleThe SUSE operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets.
SV-217288r603262_ruleThe SUSE operating system must not forward Internet Protocol version 6 (IPv6) source-routed packets.
SV-217289r603262_ruleThe SUSE operating system must not forward Internet Protocol version 4 (IPv4) source-routed packets by default.
SV-217290r603262_ruleThe SUSE operating system must not respond to Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.
SV-217291r603262_ruleThe SUSE operating system must prevent Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages from being accepted.
SV-217292r603262_ruleThe SUSE operating system must not allow interfaces to accept Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages by default.
SV-217293r603262_ruleThe SUSE operating system must not allow interfaces to accept Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages by default.
SV-217294r603262_ruleThe SUSE operating system must not allow interfaces to send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages by default.
SV-217295r603262_ruleThe SUSE operating system must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.
SV-217296r646767_ruleThe SUSE operating system must not be performing Internet Protocol version 4 (IPv4) packet forwarding unless the system is a router.
SV-217297r603262_ruleThe SUSE operating system must not have network interfaces in promiscuous mode unless approved and documented.
SV-217298r603262_ruleThe SUSE operating system wireless network adapters must be disabled unless approved and documented.
SV-217299r603262_ruleThe SUSE operating system must have the packages required for multifactor authentication to be installed.
SV-217300r603262_ruleThe SUSE operating system must implement certificate status checking for multifactor authentication.
SV-217301r603262_ruleThe SUSE operating system must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).
SV-217302r646769_ruleThe SUSE operating system, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
SV-222385r603262_ruleThe SUSE operating system must have a host-based intrusion detection tool installed.
SV-222386r603262_ruleThe SUSE operating system must use a virus scan program.
SV-233308r603331_ruleThe SUSE operating system SSH daemon must prevent remote hosts from connecting to the proxy display.
SV-237603r646772_ruleThe SUSE operating system must restrict privilege elevation to authorized personnel.
SV-237604r646775_ruleThe SUSE operating system must use the invoking user's password for privilege escalation when using "sudo".
SV-237605r646778_ruleThe SUSE operating system must require re-authentication when using the "sudo" command.
SV-237606r646781_ruleThe SUSE operating system must not have unnecessary account capabilities.
SV-237607r646784_ruleThe SUSE operating system library files must have mode 0755 or less permissive.
SV-237608r646787_ruleThe SUSE operating system library directories must have mode 0755 or less permissive.
SV-237609r646790_ruleThe SUSE operating system library files must be owned by root.
SV-237610r646793_ruleThe SUSE operating system library directories must be owned by root.
SV-237611r646796_ruleThe SUSE operating system library files must be group-owned by root.
SV-237612r646799_ruleThe SUSE operating system library directories must be group-owned by root.
SV-237613r646802_ruleThe SUSE operating system must have system commands set to a mode of 0755 or less permissive.
SV-237614r646805_ruleThe SUSE operating system must have directories that contain system commands set to a mode of 0755 or less permissive.
SV-237615r646808_ruleThe SUSE operating system must have system commands owned by root.
SV-237616r646811_ruleThe SUSE operating system must have directories that contain system commands owned by root.
SV-237617r646814_ruleThe SUSE operating system must have system commands group-owned by root.
SV-237618r646817_ruleThe SUSE operating system must have directories that contain system commands group-owned by root.
SV-237619r646820_ruleThe SUSE operating system must not have the vsftpd package installed if not required for operational support.
SV-237620r646823_ruleThe SUSE operating system must not forward Internet Protocol version 6 (IPv6) source-routed packets by default.
SV-237621r646826_ruleThe SUSE operating system must prevent Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages from being accepted.
SV-237622r646829_ruleThe SUSE operating system must not be performing Internet Protocol version 6 (IPv6) packet forwarding unless the system is a router.
SV-237623r646832_ruleThe SUSE operating system must not be performing Internet Protocol version 6 (IPv6) packet forwarding by default unless the system is a router.