CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0

Audit Details

Name: CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0

Updated: 1/10/2023

Authority: CIS

Plugin: Unix

Revision: 1.10

Estimated Item Count: 260

File Details

Filename: CIS_Ubuntu_18.04_LXD_Container_v1.0.0_L1.audit

Size: 603 kB

MD5: 651b636cc44b1d465297e90f5d1bf1c2
SHA256: 59caddebbb5ec5e2a6ee9f64c59294215604499ae0ac8e5b792760987d49b8a6

Audit Items

DescriptionCategories
1.1.1 Ensure /tmp is configured

CONFIGURATION MANAGEMENT

1.1.2 Ensure sticky bit is set on all world-writable directories

CONFIGURATION MANAGEMENT

1.2.1 Ensure package manager repositories are configured

SYSTEM AND INFORMATION INTEGRITY

1.2.2 Ensure GPG keys are configured

SYSTEM AND INFORMATION INTEGRITY

1.3.1 Ensure sudo is installed

ACCESS CONTROL

1.3.2 Ensure sudo commands use pty

ACCESS CONTROL

1.3.3 Ensure sudo log file exists

AUDIT AND ACCOUNTABILITY

1.4.1 Ensure AIDE is installed

AUDIT AND ACCOUNTABILITY

1.4.2 Ensure filesystem integrity is regularly checked

AUDIT AND ACCOUNTABILITY

1.5.1 Ensure prelink is disabled

AUDIT AND ACCOUNTABILITY

1.6.1.1 Ensure AppArmor is installed

ACCESS CONTROL

1.6.1.2 Ensure all AppArmor Profiles are in enforce or complain mode - loaded

ACCESS CONTROL

1.6.1.2 Ensure all AppArmor Profiles are in enforce or complain mode - unconfined

ACCESS CONTROL

1.7.1.1 Ensure message of the day is configured properly

CONFIGURATION MANAGEMENT

1.7.1.2 Ensure local login warning banner is configured properly

CONFIGURATION MANAGEMENT

1.7.1.3 Ensure remote login warning banner is configured properly

CONFIGURATION MANAGEMENT

1.7.1.4 Ensure permissions on /etc/motd are configured

CONFIGURATION MANAGEMENT

1.7.1.5 Ensure permissions on /etc/issue are configured

CONFIGURATION MANAGEMENT

1.7.1.6 Ensure permissions on /etc/issue.net are configured

CONFIGURATION MANAGEMENT

1.8 Ensure updates, patches, and additional security software are installed

SYSTEM AND INFORMATION INTEGRITY

2.1.1 Ensure xinetd is not installed

SYSTEM AND INFORMATION INTEGRITY

2.1.2 Ensure openbsd-inetd is not installed

SYSTEM AND INFORMATION INTEGRITY

2.2.1 Ensure X Window System is not installed

CONFIGURATION MANAGEMENT

2.2.2 Ensure Avahi Server is not enabled

SYSTEM AND INFORMATION INTEGRITY

2.2.3 Ensure CUPS is not enabled

SYSTEM AND INFORMATION INTEGRITY

2.2.4 Ensure DHCP Server is not enabled - isc-dhcp-server

SYSTEM AND INFORMATION INTEGRITY

2.2.4 Ensure DHCP Server is not enabled - isc-dhcp-server6

SYSTEM AND INFORMATION INTEGRITY

2.2.5 Ensure LDAP server is not enabled

SYSTEM AND INFORMATION INTEGRITY

2.2.6 Ensure RPC is not enabled

SYSTEM AND INFORMATION INTEGRITY

2.2.7 Ensure DNS Server is not enabled

SYSTEM AND INFORMATION INTEGRITY

2.2.8 Ensure FTP Server is not enabled

SYSTEM AND INFORMATION INTEGRITY

2.2.9 Ensure HTTP server is not enabled

SYSTEM AND INFORMATION INTEGRITY

2.2.10 Ensure email services are not enabled

SYSTEM AND INFORMATION INTEGRITY

2.2.11 Ensure Samba is not enabled

SYSTEM AND INFORMATION INTEGRITY

2.2.12 Ensure HTTP Proxy Server is not enabled

SYSTEM AND INFORMATION INTEGRITY

2.2.13 Ensure SNMP Server is not enabled

SYSTEM AND INFORMATION INTEGRITY

2.2.14 Ensure mail transfer agent is configured for local-only mode

SYSTEM AND INFORMATION INTEGRITY

2.2.15 Ensure rsync service is not enabled

SYSTEM AND INFORMATION INTEGRITY

2.2.16 Ensure NIS Server is not enabled

SYSTEM AND INFORMATION INTEGRITY

2.3.1 Ensure NIS Client is not installed

CONFIGURATION MANAGEMENT

2.3.2 Ensure rsh client is not installed

IDENTIFICATION AND AUTHENTICATION

2.3.3 Ensure talk client is not installed

CONFIGURATION MANAGEMENT

2.3.4 Ensure telnet client is not installed

IDENTIFICATION AND AUTHENTICATION

2.3.5 Ensure LDAP client is not installed

CONFIGURATION MANAGEMENT

2.4 Ensure nonessential services are removed or masked

SYSTEM AND INFORMATION INTEGRITY

3.1.1 Ensure packet redirect sending is disabled - net.ipv4.conf.all.send_redirects (sysctl.conf/sysctl.d)

CONFIGURATION MANAGEMENT

3.1.1 Ensure packet redirect sending is disabled - net.ipv4.conf.default.send_redirects (sysctl.conf/sysctl.d)

CONFIGURATION MANAGEMENT

3.1.1 Ensure packet redirect sending is disabled - sysctl net.ipv4.conf.all.send_redirects

CONFIGURATION MANAGEMENT

3.1.1 Ensure packet redirect sending is disabled - sysctl net.ipv4.conf.default.send_redirects

CONFIGURATION MANAGEMENT

3.1.2 Ensure IP forwarding is disabled - ipv4 (sysctl.conf/sysctl.d)

CONFIGURATION MANAGEMENT