CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0

Audit Details

Name: CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0

Updated: 4/25/2022

Authority: CIS

Plugin: Unix

Revision: 1.22

Estimated Item Count: 66

File Details

Filename: CIS_Ubuntu_12.04_LTS_Server_v1.1.0_L2.audit

Size: 148 kB

MD5: bebac821ddda0d24dc9d3d6ddb6c3eab
SHA256: f39c178df17e3fdc3ff3fd42434595e92c00af419483a9fede8e46cc7692c1aa

Audit Items

DescriptionCategories
2.18 Disable Mounting of cramfs Filesystems

CONFIGURATION MANAGEMENT

2.19 Disable Mounting of freevxfs Filesystems

CONFIGURATION MANAGEMENT

2.20 Disable Mounting of jffs2 Filesystems

CONFIGURATION MANAGEMENT

2.21 Disable Mounting of hfs Filesystems

CONFIGURATION MANAGEMENT

2.22 Disable Mounting of hfsplus Filesystems

CONFIGURATION MANAGEMENT

2.23 Disable Mounting of squashfs Filesystems

CONFIGURATION MANAGEMENT

2.24 Disable Mounting of udf Filesystems

CONFIGURATION MANAGEMENT

4.5 Activate AppArmor - '0 processes unconfined'

ACCESS CONTROL

4.5 Activate AppArmor - '0 profiles in complain mode'

ACCESS CONTROL

4.5 Activate AppArmor - 'Profiles are loaded' - Review

ACCESS CONTROL

8.1.1.1 Configure Audit Log Storage Size

AUDIT AND ACCOUNTABILITY

8.1.1.2 Disable System on Audit Log Full - 'action_mail_acct is configured'

AUDIT AND ACCOUNTABILITY

8.1.1.2 Disable System on Audit Log Full - 'admin_space_left_action = halt'

AUDIT AND ACCOUNTABILITY

8.1.1.2 Disable System on Audit Log Full- 'space_left_action = email'

AUDIT AND ACCOUNTABILITY

8.1.1.3 Keep All Auditing Information

AUDIT AND ACCOUNTABILITY

8.1.2 Install and Enable auditd Service

AUDIT AND ACCOUNTABILITY

8.1.3 Enable Auditing for Processes That Start Prior to auditd

AUDIT AND ACCOUNTABILITY

8.1.4 Record Events That Modify Date and Time Information - '64bit adjtimex'

AUDIT AND ACCOUNTABILITY

8.1.4 Record Events That Modify Date and Time Information - '64bit clock_settime'

AUDIT AND ACCOUNTABILITY

8.1.4 Record Events That Modify Date and Time Information- '32bit adjtimex'

AUDIT AND ACCOUNTABILITY

8.1.4 Record Events That Modify Date and Time Information- '32bit clock_settime'

AUDIT AND ACCOUNTABILITY

8.1.4 Record Events That Modify Date and Time Information- 'time-change'

AUDIT AND ACCOUNTABILITY

8.1.5 Record Events That Modify User/Group Information - '/etc/group'

AUDIT AND ACCOUNTABILITY

8.1.5 Record Events That Modify User/Group Information - '/etc/gshadow'

AUDIT AND ACCOUNTABILITY

8.1.5 Record Events That Modify User/Group Information - '/etc/passwd'

AUDIT AND ACCOUNTABILITY

8.1.5 Record Events That Modify User/Group Information- '/etc/security/opasswd'

AUDIT AND ACCOUNTABILITY

8.1.5 Record Events That Modify User/Group Information- '/etc/shadow'

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment - '/etc/hosts'

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment - '/etc/network'

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment- '/etc/issue.net'

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment- '/etc/issue'

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment- '32bit sethostname'

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment- '64bit sethostname'

AUDIT AND ACCOUNTABILITY

8.1.7 Record Events That Modify the System's Mandatory Access Controls

AUDIT AND ACCOUNTABILITY

8.1.8 Collect Login and Logout Events- '/var/log/faillog'

AUDIT AND ACCOUNTABILITY

8.1.8 Collect Login and Logout Events- '/var/log/lastlog'

AUDIT AND ACCOUNTABILITY

8.1.8 Collect Login and Logout Events- '/var/log/tallylog'

AUDIT AND ACCOUNTABILITY

8.1.9 Collect Session Initiation Information- '/var/log/btmp'

AUDIT AND ACCOUNTABILITY

8.1.9 Collect Session Initiation Information- '/var/log/wtmp'

AUDIT AND ACCOUNTABILITY

8.1.9 Collect Session Initiation Information- '/var/run/utmp'

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events- '32bit chmod/fchmod/fchmodat'

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events- '32bit chown/fchown/fchownat/lchown'

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events- '32bit setxattr'

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events- '64bit chmod/fchmod/fchmodat'

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events- '64bit chown/fchown/fchownat/lchown'

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events- '64bit setxattr'

AUDIT AND ACCOUNTABILITY

8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files- '32bit EACCES'

AUDIT AND ACCOUNTABILITY

8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files- '32bit EPERM'

AUDIT AND ACCOUNTABILITY

8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files- '64bit EACCES'

AUDIT AND ACCOUNTABILITY

8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files- '64bit EPERM'

AUDIT AND ACCOUNTABILITY