CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0

Audit Details

Name: CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0

Updated: 11/6/2024

Authority: CIS

Plugin: Unix

Revision: 1.28

Estimated Item Count: 245

File Details

Filename: CIS_Ubuntu_18.04_LXD_Container_v1.0.0_L1.audit

Size: 569 kB

MD5: 67b6d2646e3cc9bc5f9ace204487574d
SHA256: 06ece31f0bdcb65df57d8ef4398f52184a279611ec2be38dd0a08e8346979ad2

Audit Items

DescriptionCategories
1.1.1 Ensure /tmp is configured

CONFIGURATION MANAGEMENT

1.1.2 Ensure sticky bit is set on all world-writable directories

CONFIGURATION MANAGEMENT

1.2.1 Ensure package manager repositories are configured

SYSTEM AND INFORMATION INTEGRITY

1.2.2 Ensure GPG keys are configured

SYSTEM AND INFORMATION INTEGRITY

1.3.1 Ensure sudo is installed

ACCESS CONTROL

1.3.2 Ensure sudo commands use pty

ACCESS CONTROL

1.3.3 Ensure sudo log file exists

AUDIT AND ACCOUNTABILITY

1.4.1 Ensure AIDE is installed

AUDIT AND ACCOUNTABILITY

1.4.2 Ensure filesystem integrity is regularly checked

AUDIT AND ACCOUNTABILITY

1.5.1 Ensure prelink is disabled

AUDIT AND ACCOUNTABILITY

1.6.1.1 Ensure AppArmor is installed

ACCESS CONTROL

1.6.1.2 Ensure all AppArmor Profiles are in enforce or complain mode - loaded

ACCESS CONTROL

1.6.1.2 Ensure all AppArmor Profiles are in enforce or complain mode - unconfined

ACCESS CONTROL

1.7.1.1 Ensure message of the day is configured properly

CONFIGURATION MANAGEMENT

1.7.1.2 Ensure local login warning banner is configured properly

CONFIGURATION MANAGEMENT

1.7.1.3 Ensure remote login warning banner is configured properly

CONFIGURATION MANAGEMENT

1.7.1.4 Ensure permissions on /etc/motd are configured

CONFIGURATION MANAGEMENT

1.7.1.5 Ensure permissions on /etc/issue are configured

CONFIGURATION MANAGEMENT

1.7.1.6 Ensure permissions on /etc/issue.net are configured

CONFIGURATION MANAGEMENT

1.8 Ensure updates, patches, and additional security software are installed

SYSTEM AND INFORMATION INTEGRITY

2.1.1 Ensure xinetd is not installed

CONFIGURATION MANAGEMENT

2.1.2 Ensure openbsd-inetd is not installed

CONFIGURATION MANAGEMENT

2.2.1 Ensure X Window System is not installed

CONFIGURATION MANAGEMENT

2.2.2 Ensure Avahi Server is not enabled

CONFIGURATION MANAGEMENT

2.2.3 Ensure CUPS is not enabled

CONFIGURATION MANAGEMENT

2.2.4 Ensure DHCP Server is not enabled - isc-dhcp-server

CONFIGURATION MANAGEMENT

2.2.4 Ensure DHCP Server is not enabled - isc-dhcp-server6

CONFIGURATION MANAGEMENT

2.2.5 Ensure LDAP server is not enabled

CONFIGURATION MANAGEMENT

2.2.6 Ensure RPC is not enabled

CONFIGURATION MANAGEMENT

2.2.7 Ensure DNS Server is not enabled

CONFIGURATION MANAGEMENT

2.2.8 Ensure FTP Server is not enabled

CONFIGURATION MANAGEMENT

2.2.9 Ensure HTTP server is not enabled

CONFIGURATION MANAGEMENT

2.2.10 Ensure email services are not enabled

CONFIGURATION MANAGEMENT

2.2.11 Ensure Samba is not enabled

CONFIGURATION MANAGEMENT

2.2.12 Ensure HTTP Proxy Server is not enabled

CONFIGURATION MANAGEMENT

2.2.13 Ensure SNMP Server is not enabled

CONFIGURATION MANAGEMENT

2.2.14 Ensure mail transfer agent is configured for local-only mode

CONFIGURATION MANAGEMENT

2.2.15 Ensure rsync service is not enabled

CONFIGURATION MANAGEMENT

2.2.16 Ensure NIS Server is not enabled

CONFIGURATION MANAGEMENT

2.3.1 Ensure NIS Client is not installed

CONFIGURATION MANAGEMENT

2.3.2 Ensure rsh client is not installed

IDENTIFICATION AND AUTHENTICATION

2.3.3 Ensure talk client is not installed

CONFIGURATION MANAGEMENT

2.3.4 Ensure telnet client is not installed

IDENTIFICATION AND AUTHENTICATION

2.3.5 Ensure LDAP client is not installed

CONFIGURATION MANAGEMENT

2.4 Ensure nonessential services are removed or masked

CONFIGURATION MANAGEMENT

3.1.1 Ensure packet redirect sending is disabled - net.ipv4.conf.all.send_redirects (sysctl.conf/sysctl.d)

CONFIGURATION MANAGEMENT

3.1.1 Ensure packet redirect sending is disabled - net.ipv4.conf.default.send_redirects (sysctl.conf/sysctl.d)

CONFIGURATION MANAGEMENT

3.1.1 Ensure packet redirect sending is disabled - sysctl net.ipv4.conf.all.send_redirects

CONFIGURATION MANAGEMENT

3.1.1 Ensure packet redirect sending is disabled - sysctl net.ipv4.conf.default.send_redirects

CONFIGURATION MANAGEMENT

3.1.2 Ensure IP forwarding is disabled - ipv4 (sysctl.conf/sysctl.d)

CONFIGURATION MANAGEMENT