CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0

Audit Details

Name: CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0

Updated: 9/19/2023

Authority: CIS

Plugin: Unix

Revision: 1.36

Estimated Item Count: 236

File Details

Filename: CIS_Ubuntu_12.04_LTS_Server_v1.1.0_L1.audit

Size: 369 kB

MD5: 3f789bee7b1872b0c714d75f6d836140
SHA256: 5a916663dfa75086337f8c35c9ed060827fe0799eee2d61fefdf189a98cc654c

Audit Items

DescriptionCategories
1.1 Install Updates, Patches and Additional Security Software

SYSTEM AND INFORMATION INTEGRITY

2.1 Create Separate Partition for /tmp

CONFIGURATION MANAGEMENT

2.2 Set nodev option for /tmp Partition

CONFIGURATION MANAGEMENT

2.3 Set nosuid option for /tmp Partition

CONFIGURATION MANAGEMENT

2.4 Set noexec option for /tmp Partition

CONFIGURATION MANAGEMENT

2.5 Create Separate Partition for /var

CONFIGURATION MANAGEMENT

2.6 Bind Mount the /var/tmp directory to /tmp

CONFIGURATION MANAGEMENT

2.7 Create Separate Partition for /var/log

AUDIT AND ACCOUNTABILITY

2.8 Create Separate Partition for /var/log/audit

AUDIT AND ACCOUNTABILITY

2.9 Create Separate Partition for /home

CONFIGURATION MANAGEMENT

2.10 Add nodev Option to /home

CONFIGURATION MANAGEMENT

2.11 Add nodev Option to Removable Media Partitions

CONFIGURATION MANAGEMENT

2.12 Add noexec Option to Removable Media Partitions

CONFIGURATION MANAGEMENT

2.13 Add nosuid Option to Removable Media Partitions

CONFIGURATION MANAGEMENT

2.14 Add nodev Option to /run/shm Partition

CONFIGURATION MANAGEMENT

2.15 Add nosuid Option to /run/shm Partition

CONFIGURATION MANAGEMENT

2.16 Add noexec Option to /run/shm Partition

CONFIGURATION MANAGEMENT

2.17 Set Sticky Bit on All World-Writable Directories

ACCESS CONTROL

2.25 Disable Automounting

CONFIGURATION MANAGEMENT

3.1 Set User/Group Owner on bootloader config

SYSTEM AND INFORMATION INTEGRITY

3.2 Set Permissions on bootloader config

SYSTEM AND INFORMATION INTEGRITY

3.3 Set Boot Loader Password - password

SYSTEM AND INFORMATION INTEGRITY

3.3 Set Boot Loader Password - set superusers

SYSTEM AND INFORMATION INTEGRITY

3.4 Require Authentication for Single-User Mode

IDENTIFICATION AND AUTHENTICATION

4.1 Restrict Core Dumps - 'fs.suid.dumpable = 0'

ACCESS CONTROL

4.1 Restrict Core Dumps - 'hard core 0'

ACCESS CONTROL

4.1 Restrict Core Dumps - apport

CONFIGURATION MANAGEMENT

4.1 Restrict Core Dumps - whoopsie

CONFIGURATION MANAGEMENT

4.2 Enable XD/NX Support on 32-bit x86 Systems

SYSTEM AND INFORMATION INTEGRITY

4.3 Enable Randomized Virtual Memory Region Placement

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Disable Prelink

CONFIGURATION MANAGEMENT

5.1.1 Ensure NIS is not installed

CONFIGURATION MANAGEMENT

5.1.2 Ensure rsh server is not enabled - 'exec'

CONFIGURATION MANAGEMENT

5.1.2 Ensure rsh server is not enabled - 'login'

CONFIGURATION MANAGEMENT

5.1.2 Ensure rsh server is not enabled - 'shell'

CONFIGURATION MANAGEMENT

5.1.3 Ensure rsh client is not installed - rsh-client

CONFIGURATION MANAGEMENT

5.1.3 Ensure rsh client is not installed - rsh-redone-client

CONFIGURATION MANAGEMENT

5.1.4 Ensure talk server is not enabled - 'ntalk'

CONFIGURATION MANAGEMENT

5.1.4 Ensure talk server is not enabled - 'talk'

CONFIGURATION MANAGEMENT

5.1.5 Ensure talk client is not installed

CONFIGURATION MANAGEMENT

5.1.6 Ensure telnet server is not enabled

CONFIGURATION MANAGEMENT

5.1.7 Ensure tftp-server is not enabled

CONFIGURATION MANAGEMENT

5.1.8 Ensure xinetd is not enabled

CONFIGURATION MANAGEMENT

5.2 Ensure chargen is not enabled

CONFIGURATION MANAGEMENT

5.3 Ensure daytime is not enabled

CONFIGURATION MANAGEMENT

5.4 Ensure echo is not enabled

CONFIGURATION MANAGEMENT

5.5 Ensure discard is not enabled

CONFIGURATION MANAGEMENT

5.6 Ensure time is not enabled

CONFIGURATION MANAGEMENT

6.1 Ensure the X Window system is not installed - Review

CONFIGURATION MANAGEMENT

6.2 Ensure Avahi Server is not enabled

CONFIGURATION MANAGEMENT