CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0

Audit Details

Name: CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0

Updated: 7/27/2022

Authority: CIS

Plugin: Unix

Revision: 1.29

Estimated Item Count: 236

File Details

Filename: CIS_Ubuntu_12.04_LTS_Server_v1.1.0_L1.audit

Size: 354 kB

MD5: 2b2777497b5e73d99c1c166706149c2a
SHA256: 0a219159f739e95ddc71fd0c9cfa9cbc0e85d395f72fcfb204cc39f2ea5c53f5

Audit Items

DescriptionCategories
1.1 Install Updates, Patches and Additional Security Software
2.1 Create Separate Partition for /tmp
2.2 Set nodev option for /tmp Partition
2.3 Set nosuid option for /tmp Partition
2.4 Set noexec option for /tmp Partition
2.5 Create Separate Partition for /var
2.6 Bind Mount the /var/tmp directory to /tmp
2.7 Create Separate Partition for /var/log
2.8 Create Separate Partition for /var/log/audit
2.9 Create Separate Partition for /home
2.10 Add nodev Option to /home
2.11 Add nodev Option to Removable Media Partitions
2.12 Add noexec Option to Removable Media Partitions
2.13 Add nosuid Option to Removable Media Partitions
2.14 Add nodev Option to /run/shm Partition
2.15 Add nosuid Option to /run/shm Partition
2.16 Add noexec Option to /run/shm Partition
2.17 Set Sticky Bit on All World-Writable Directories

ACCESS CONTROL

2.25 Disable Automounting

CONFIGURATION MANAGEMENT

3.1 Set User/Group Owner on bootloader config

SYSTEM AND INFORMATION INTEGRITY

3.2 Set Permissions on bootloader config

SYSTEM AND INFORMATION INTEGRITY

3.3 Set Boot Loader Password - password

SYSTEM AND INFORMATION INTEGRITY

3.3 Set Boot Loader Password - set superusers

SYSTEM AND INFORMATION INTEGRITY

3.4 Require Authentication for Single-User Mode

IDENTIFICATION AND AUTHENTICATION

4.1 Restrict Core Dumps - 'fs.suid.dumpable = 0'

ACCESS CONTROL

4.1 Restrict Core Dumps - 'hard core 0'

ACCESS CONTROL

4.1 Restrict Core Dumps - apport

CONFIGURATION MANAGEMENT

4.1 Restrict Core Dumps - whoopsie

CONFIGURATION MANAGEMENT

4.2 Enable XD/NX Support on 32-bit x86 Systems

SYSTEM AND INFORMATION INTEGRITY

4.3 Enable Randomized Virtual Memory Region Placement

SYSTEM AND COMMUNICATIONS PROTECTION

4.4 Disable Prelink

CONFIGURATION MANAGEMENT

5.1.1 Ensure NIS is not installed

CONFIGURATION MANAGEMENT

5.1.2 Ensure rsh server is not enabled - 'exec'

CONFIGURATION MANAGEMENT

5.1.2 Ensure rsh server is not enabled - 'login'

CONFIGURATION MANAGEMENT

5.1.2 Ensure rsh server is not enabled - 'shell'

CONFIGURATION MANAGEMENT

5.1.3 Ensure rsh client is not installed - rsh-client

CONFIGURATION MANAGEMENT

5.1.3 Ensure rsh client is not installed - rsh-redone-client

CONFIGURATION MANAGEMENT

5.1.4 Ensure talk server is not enabled - 'ntalk'

CONFIGURATION MANAGEMENT

5.1.4 Ensure talk server is not enabled - 'talk'

CONFIGURATION MANAGEMENT

5.1.5 Ensure talk client is not installed

CONFIGURATION MANAGEMENT

5.1.6 Ensure telnet server is not enabled

CONFIGURATION MANAGEMENT

5.1.7 Ensure tftp-server is not enabled

CONFIGURATION MANAGEMENT

5.1.8 Ensure xinetd is not enabled

CONFIGURATION MANAGEMENT

5.2 Ensure chargen is not enabled

CONFIGURATION MANAGEMENT

5.3 Ensure daytime is not enabled

CONFIGURATION MANAGEMENT

5.4 Ensure echo is not enabled

CONFIGURATION MANAGEMENT

5.5 Ensure discard is not enabled

CONFIGURATION MANAGEMENT

5.6 Ensure time is not enabled

CONFIGURATION MANAGEMENT

6.1 Ensure the X Window system is not installed - Review

CONFIGURATION MANAGEMENT

6.2 Ensure Avahi Server is not enabled

CONFIGURATION MANAGEMENT