CIS Ubuntu Linux 20.04 LTS Server L2 v1.1.0

Audit Details

Name: CIS Ubuntu Linux 20.04 LTS Server L2 v1.1.0

Updated: 3/7/2023

Authority: CIS

Plugin: Unix

Revision: 1.10

Estimated Item Count: 133

File Details

Filename: CIS_Ubuntu_20.04_LTS_v1.1.0_Server_L2.audit

Size: 417 kB

MD5: 95e7d5851af423e187c80d469ba3b1b6
SHA256: cfc9c0990d29c16d5fc5708bcbc94d8e013ac720d4d421d26a7289951ca9d28e

Audit Changelog

 
Revision 1.10

Mar 7, 2023

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.9

Jan 4, 2023

Miscellaneous
  • Metadata updated.
  • Variables updated.
Revision 1.8

Dec 19, 2022

Functional Update
  • 4.1.17 Ensure the audit configuration is immutable
Revision 1.7

Dec 7, 2022

Miscellaneous
  • Metadata updated.
Revision 1.6

Sep 30, 2022

Functional Update
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES (64-bit)
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EPERM
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EPERM (64-bit)
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES (64-bit)
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM (64-bit)
  • 4.1.12 Ensure successful file system mounts are collected - 32-bit
  • 4.1.12 Ensure successful file system mounts are collected - 64-bit
  • 4.1.12 Ensure successful file system mounts are collected - auditctl (32-bit)
  • 4.1.12 Ensure successful file system mounts are collected - auditctl (64-bit)
  • 4.1.13 Ensure file deletion events by users are collected - 32-bit
  • 4.1.13 Ensure file deletion events by users are collected - 64-bit
  • 4.1.13 Ensure file deletion events by users are collected - auditctl (32-bit)
  • 4.1.13 Ensure file deletion events by users are collected - auditctl (64-bit)
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - b32
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - b32 auditctl
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - b64
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - b64 auditctl
  • 4.1.16 Ensure kernel module loading and unloading is collected - auditctl init_module/delete_module (32-bit)
  • 4.1.16 Ensure kernel module loading and unloading is collected - auditctl init_module/delete_module (64-bit)
  • 4.1.16 Ensure kernel module loading and unloading is collected - init_module/delete_module (64-bit)
  • 4.1.16 Ensure kernel module loading and unloading is collected - init_module/delete_module (32-bit)
  • 4.1.3 Ensure events that modify date and time information are collected - adjtimex (32-bit)
  • 4.1.3 Ensure events that modify date and time information are collected - adjtimex (64-bit)
  • 4.1.3 Ensure events that modify date and time information are collected - auditctl adjtimex (32-bit)
  • 4.1.3 Ensure events that modify date and time information are collected - auditctl adjtimex (64-bit)
  • 4.1.3 Ensure events that modify date and time information are collected - auditctl clock_settime (32-bit)
  • 4.1.3 Ensure events that modify date and time information are collected - auditctl clock_settime (64-bit)
  • 4.1.3 Ensure events that modify date and time information are collected - clock_settime (32-bit)
  • 4.1.3 Ensure events that modify date and time information are collected - clock_settime (64-bit)
  • 4.1.5 Ensure events that modify the system's network environment are collected - auditctl sethostname (32-bit)
  • 4.1.5 Ensure events that modify the system's network environment are collected - auditctl sethostname (64-bit)
  • 4.1.5 Ensure events that modify the system's network environment are collected - sethostname (32-bit)
  • 4.1.5 Ensure events that modify the system's network environment are collected - sethostname (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chmod/fchmod/fchmodat
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chmod/fchmod/fchmodat (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chown/fchown/fchownat/lchown
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chown/fchown/fchownat/lchown (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl setxattr/lsetxattr/fsetxattr/removexattr
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl xattr (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - setxattr/lsetxattr/fsetxattr/removexattr
  • 4.1.9 Ensure discretionary access control permission modification events are collected - xattr (64-bit)
Revision 1.5

Sep 16, 2022

Functional Update
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES (64-bit)
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EPERM
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EPERM (64-bit)
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES (64-bit)
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM (64-bit)
  • 4.1.11 Ensure use of privileged commands is collected
  • 4.1.12 Ensure successful file system mounts are collected - 32-bit
  • 4.1.12 Ensure successful file system mounts are collected - 64-bit
  • 4.1.12 Ensure successful file system mounts are collected - auditctl (32-bit)
  • 4.1.12 Ensure successful file system mounts are collected - auditctl (64-bit)
  • 4.1.13 Ensure file deletion events by users are collected - 32-bit
  • 4.1.13 Ensure file deletion events by users are collected - 64-bit
  • 4.1.13 Ensure file deletion events by users are collected - auditctl (32-bit)
  • 4.1.13 Ensure file deletion events by users are collected - auditctl (64-bit)
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - b32
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - b32 auditctl
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - b64
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - b64 auditctl
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chmod/fchmod/fchmodat
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chmod/fchmod/fchmodat (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chown/fchown/fchownat/lchown
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chown/fchown/fchownat/lchown (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl setxattr/lsetxattr/fsetxattr/removexattr
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl xattr (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - setxattr/lsetxattr/fsetxattr/removexattr
  • 4.1.9 Ensure discretionary access control permission modification events are collected - xattr (64-bit)
Miscellaneous
  • Variables updated.
Revision 1.4

Jul 27, 2022

Functional Update
  • 5.3.6 Ensure SSH X11 forwarding is disabled
Revision 1.3

Apr 25, 2022

Miscellaneous
  • References updated.
Revision 1.2

Mar 29, 2022

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.1

Jun 17, 2021

Miscellaneous
  • Metadata updated.
  • References updated.