CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0

Updated: 1/18/2016

Authority: CIS

Plugin: Unix

Revision: 1.7

Estimated Item Count: 236

File Details

Filename: CIS_Ubuntu_12.04_LTS_Server_v1.0.0_L1.audit

Size: 337 kB

MD5: 9533c4cda6eb40a09838ca7568fb6850
SHA256: 3e452c4a7f4b60c349d47da1c51de6598f19c20bb6a97176ed71be278d8ab8c9

Audit Items

| Description | Categories |
| --- | --- |
| 1.1 Install Updates, Patches and Additional Security Software | |
| 2.1 Create Separate Partition for /tmp | CONFIGURATION MANAGEMENT |
| 2.2 Set nodev option for /tmp Partition | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.3 Set nosuid option for /tmp Partition | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.4 Set noexec option for /tmp Partition | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.5 Create Separate Partition for /var | CONFIGURATION MANAGEMENT |
| 2.6 Bind Mount the /var/tmp directory to /tmp | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.7 Create Separate Partition for /var/log | AUDIT AND ACCOUNTABILITY |
| 2.8 Create Separate Partition for /var/log/audit | AUDIT AND ACCOUNTABILITY |
| 2.9 Create Separate Partition for /home | |
| 2.10 Add nodev Option to /home | |
| 2.11 Add nodev Option to Removable Media Partitions | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.12 Add noexec Option to Removable Media Partitions | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.13 Add nosuid Option to Removable Media Partitions | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.14 Add nodev Option to /run/shm Partition | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.15 Add nosuid Option to /run/shm Partition | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.16 Add noexec Option to /run/shm Partition | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.17 Set Sticky Bit on All World-Writable Directories | CONFIGURATION MANAGEMENT |
| 2.25 Disable Automounting | |
| 3.1 Set User/Group Owner on bootloader config | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2 Set Permissions on bootloader config | |
| 3.3 Set Boot Loader Password - password | |
| 3.3 Set Boot Loader Password - set superusers | |
| 3.4 Require Authentication for Single-User Mode | |
| 4.1 Restrict Core Dumps - 'fs.suid.dumpable = 0' | |
| 4.1 Restrict Core Dumps - 'hard core 0' | |
| 4.1 Restrict Core Dumps - apport | |
| 4.1 Restrict Core Dumps - whoopsie | |
| 4.2 Enable XD/NX Support on 32-bit x86 Systems | |
| 4.3 Enable Randomized Virtual Memory Region Placement | |
| 4.4 Disable Prelink | |
| 5.1.1 Ensure NIS is not installed | |
| 5.1.2 Ensure rsh server is not enabled - 'exec' | |
| 5.1.2 Ensure rsh server is not enabled - 'login' | |
| 5.1.2 Ensure rsh server is not enabled - 'shell' | |
| 5.1.3 Ensure rsh client is not installed - rsh-client | |
| 5.1.3 Ensure rsh client is not installed - rsh-redone-client | |
| 5.1.4 Ensure talk server is not enabled - 'ntalk' | |
| 5.1.4 Ensure talk server is not enabled - 'talk' | |
| 5.1.5 Ensure talk client is not installed | |
| 5.1.6 Ensure telnet server is not enabled | |
| 5.1.7 Ensure tftp-server is not enabled | |
| 5.1.8 Ensure xinetd is not enabled | |
| 5.2 Ensure chargen is not enabled | |
| 5.3 Ensure daytime is not enabled | |
| 5.4 Ensure echo is not enabled | |
| 5.5 Ensure discard is not enabled | |
| 5.6 Ensure time is not enabled | |
| 6.1 Ensure the X Window system is not installed - Review | |
| 6.2 Ensure Avahi Server is not enabled | |