Detections
Analytics

CIS Ubuntu Linux 16.04 LTS Workstation L1 v1.1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Ubuntu Linux 16.04 LTS Workstation L1 v1.1.0

Updated: 10/1/2021

Authority: CIS

Plugin: Unix

Revision: 1.27

Estimated Item Count: 291

File Details

Filename: CIS_Ubuntu_16.04_LTS_Workstation_v1.1.0_L1.audit

Size: 466 kB

MD5: 2b220d386ff33dc32eeac1f5479336a4
SHA256: a4f5c0a143de076bbb93b47900e6d5ce9459aba083fdfdcf62fc056fc81e2592

Audit Changelog

 
Revision 1.27

Oct 1, 2021

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.26

Jun 17, 2021

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.25

Oct 14, 2020

Functional Update
  • 4.2.4 Ensure permissions on all logfiles are configured
Revision 1.24

Oct 5, 2020

Functional Update
  • 1.1.17 Ensure nodev option set on removable media partitions
  • 1.1.18 Ensure nosuid option set on removable media partitions
  • 1.1.19 Ensure noexec option set on removable media partitions
  • 1.5.2 Ensure XD/NX support is enabled
  • 1.7.2 Ensure GDM login banner is configured - 'banner-message-enable'
  • 1.7.2 Ensure GDM login banner is configured - 'banner-message-text'
  • 1.7.2 Ensure GDM login banner is configured - 'file-db'
  • 1.7.2 Ensure GDM login banner is configured - 'system-db'
  • 1.7.2 Ensure GDM login banner is configured - 'user-db'
  • 2.2.1.1 Ensure time synchronization is in use
  • 2.2.1.2 Ensure ntp is configured - 'RUNASUSER'
  • 2.2.1.2 Ensure ntp is configured - 'restrict -4'
  • 2.2.1.2 Ensure ntp is configured - 'restrict -6'
  • 2.2.1.2 Ensure ntp is configured - 'server'
  • 2.2.1.3 Ensure chrony is configured
  • 2.2.1.3 Ensure chrony is configured - 'server'
  • 4.2.1.1 Ensure rsyslog Service is enabled
  • 4.2.1.2 Ensure logging is configured - '*.*;mail.none;news.none -/var/log/messages'
  • 4.2.1.2 Ensure logging is configured - '*.=warning;*.=err -/var/log/warn'
  • 4.2.1.2 Ensure logging is configured - '*.crit /var/log/warn'
  • 4.2.1.2 Ensure logging is configured - '*.emerg :omusrmsg:*'
  • 4.2.1.2 Ensure logging is configured - 'local0,local1.* -/var/log/localmessages'
  • 4.2.1.2 Ensure logging is configured - 'local2,local3.* -/var/log/localmessages'
  • 4.2.1.2 Ensure logging is configured - 'local4,local5.* -/var/log/localmessages'
  • 4.2.1.2 Ensure logging is configured - 'local6,local7.* -/var/log/localmessages'
  • 4.2.1.2 Ensure logging is configured - 'mail.* -/var/log/mail'
  • 4.2.1.2 Ensure logging is configured - 'mail.err /var/log/mail.err'
  • 4.2.1.2 Ensure logging is configured - 'mail.info -/var/log/mail.info'
  • 4.2.1.2 Ensure logging is configured - 'mail.warning -/var/log/mail.warn'
  • 4.2.1.2 Ensure logging is configured - 'news.crit -/var/log/news/news.crit'
  • 4.2.1.2 Ensure logging is configured - 'news.err -/var/log/news/news.err'
  • 4.2.1.2 Ensure logging is configured - 'news.notice -/var/log/news/news.notice'
  • 4.2.1.3 Ensure rsyslog default file permissions configured - rsyslog.conf/rsyslog.d
  • 4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf/rsyslogd.
  • 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts - '$InputTCPServerRun 514' - rsyslog.conf/rsyslog.d
  • 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts - '$ModLoad imtcp.so' - rsyslog.conf/rsyslog.d
  • 4.2.2.1 Ensure syslog-ng service is enabled
  • 4.2.2.2 Ensure logging is configured
  • 4.2.2.3 Ensure syslog-ng default file permissions configured
  • 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'destination logserver'
  • 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - 'log'
  • 4.2.2.5 Ensure remote syslog-ng messages are only accepted on designated log hosts
  • 4.2.3 Ensure rsyslog or syslog-ng is installed
Miscellaneous
  • Platform check updated.
Revision 1.23

Sep 29, 2020

Miscellaneous
  • References updated.
Revision 1.22

Aug 25, 2020

Functional Update
  • 5.4.1.1 Ensure password expiration is 90 days or less - users
Revision 1.21

Aug 10, 2020

Functional Update
  • 3.3.3 Ensure IPv6 is disabled
Revision 1.20

Aug 4, 2020

Functional Update
  • 1.7.1.1 Ensure message of the day is configured properly - mrsv
  • 1.7.1.2 Ensure local login warning banner is configured properly - mrsv
  • 1.7.1.3 Ensure remote login warning banner is configured properly - mrsv
  • 4.2.4 Ensure permissions on all logfiles are configured
Revision 1.19

Jul 28, 2020

Functional Update
  • 6.1.11 Ensure no unowned files or directories exist
  • 6.1.12 Ensure no ungrouped files or directories exist
Revision 1.18

Jul 15, 2020

Functional Update
  • 5.2.11 Ensure only approved MAC algorithms are used
  • 5.4.1.1 Ensure password expiration is 90 days or less - users
  • 5.4.1.2 Ensure minimum days between password changes is 7 or more - users
  • 5.4.1.3 Ensure password expiration warning days is 7 or more - users
  • 5.4.1.4 Ensure inactive password lock is 30 days or less - users
  • 5.4.4 Ensure default user umask is 027 or more restrictive - '/etc/bash.bashrc'
  • 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile /etc/profile.d/*.sh
  • 6.2.10 Ensure users' dot files are not group or world writable
  • 6.2.9 Ensure users own their home directories