CIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0

Audit Details

Name: CIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0

Updated: 9/16/2022

Authority: CIS

Plugin: Unix

Revision: 1.6

Estimated Item Count: 127

File Details

Filename: CIS_Ubuntu_18.04_LTS_Server_v2.1.0_L2.audit

Size: 397 kB

MD5: aa846cdf5ee9827bcf60f1009d966003
SHA256: b5d031530d73684d30904ec61281d66293e6b924734f3cd121f9cde62b269c93

Audit Items

DescriptionCategories
1.1.10 Ensure separate partition exists for /var

ACCESS CONTROL

1.1.11 Ensure separate partition exists for /var/tmp

CONFIGURATION MANAGEMENT

1.1.15 Ensure separate partition exists for /var/log

AUDIT AND ACCOUNTABILITY

1.1.16 Ensure separate partition exists for /var/log/audit

AUDIT AND ACCOUNTABILITY

1.1.17 Ensure separate partition exists for /home

CONFIGURATION MANAGEMENT

1.6.1.4 Ensure all AppArmor Profiles are enforcing - complain

ACCESS CONTROL

1.6.1.4 Ensure all AppArmor Profiles are enforcing - loaded

ACCESS CONTROL

1.6.1.4 Ensure all AppArmor Profiles are enforcing - unconfined

ACCESS CONTROL

1.8.1 Ensure GNOME Display Manager is removed

CONFIGURATION MANAGEMENT

3.1.1 Disable IPv6

CONFIGURATION MANAGEMENT

3.4.1 Ensure DCCP is disabled - lsmod

CONFIGURATION MANAGEMENT

3.4.1 Ensure DCCP is disabled - modprobe

CONFIGURATION MANAGEMENT

3.4.2 Ensure SCTP is disabled - lsmod

CONFIGURATION MANAGEMENT

3.4.2 Ensure SCTP is disabled - modprobe

CONFIGURATION MANAGEMENT

3.4.3 Ensure RDS is disabled - lsmod

CONFIGURATION MANAGEMENT

3.4.3 Ensure RDS is disabled - modprobe

CONFIGURATION MANAGEMENT

3.4.4 Ensure TIPC is disabled - lsmod

CONFIGURATION MANAGEMENT

3.4.4 Ensure TIPC is disabled - modprobe

CONFIGURATION MANAGEMENT

4.1.1.1 Ensure auditd is installed

AUDIT AND ACCOUNTABILITY

4.1.1.2 Ensure auditd service is enabled

AUDIT AND ACCOUNTABILITY

4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled

AUDIT AND ACCOUNTABILITY

4.1.1.4 Ensure audit_backlog_limit is sufficient

AUDIT AND ACCOUNTABILITY

4.1.2.1 Ensure audit log storage size is configured

AUDIT AND ACCOUNTABILITY

4.1.2.2 Ensure audit logs are not automatically deleted

AUDIT AND ACCOUNTABILITY

4.1.2.3 Ensure system is disabled when audit logs are full - 'action_mail_acct = root'

AUDIT AND ACCOUNTABILITY

4.1.2.3 Ensure system is disabled when audit logs are full - 'admin_space_left_action = halt'

AUDIT AND ACCOUNTABILITY

4.1.2.3 Ensure system is disabled when audit logs are full - 'space_left_action = email'

AUDIT AND ACCOUNTABILITY

4.1.3 Ensure events that modify date and time information are collected - /etc/localtime

AUDIT AND ACCOUNTABILITY

4.1.3 Ensure events that modify date and time information are collected - adjtimex (32-bit)

AUDIT AND ACCOUNTABILITY

4.1.3 Ensure events that modify date and time information are collected - adjtimex (64-bit)

AUDIT AND ACCOUNTABILITY

4.1.3 Ensure events that modify date and time information are collected - auditctl /etc/localtime

AUDIT AND ACCOUNTABILITY

4.1.3 Ensure events that modify date and time information are collected - auditctl adjtimex (32-bit)

AUDIT AND ACCOUNTABILITY

4.1.3 Ensure events that modify date and time information are collected - auditctl adjtimex (64-bit)

AUDIT AND ACCOUNTABILITY

4.1.3 Ensure events that modify date and time information are collected - auditctl clock_settime (32-bit)

AUDIT AND ACCOUNTABILITY

4.1.3 Ensure events that modify date and time information are collected - auditctl clock_settime (64-bit)

AUDIT AND ACCOUNTABILITY

4.1.3 Ensure events that modify date and time information are collected - clock_settime (32-bit)

AUDIT AND ACCOUNTABILITY

4.1.3 Ensure events that modify date and time information are collected - clock_settime (64-bit)

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify user/group information are collected - /etc/group

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify user/group information are collected - /etc/gshadow

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify user/group information are collected - /etc/passwd

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify user/group information are collected - /etc/security/opasswd

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify user/group information are collected - /etc/shadow

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/group

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/gshadow

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/passwd

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/security/opasswd

AUDIT AND ACCOUNTABILITY

4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/shadow

AUDIT AND ACCOUNTABILITY

4.1.5 Ensure events that modify the system's network environment are collected - /etc/hosts

AUDIT AND ACCOUNTABILITY

4.1.5 Ensure events that modify the system's network environment are collected - /etc/network

AUDIT AND ACCOUNTABILITY

4.1.5 Ensure events that modify the system's network environment are collected - auditctl hosts

AUDIT AND ACCOUNTABILITY