CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1

Updated: 9/19/2025

Authority: CIS

Plugin: Unix

Revision: 1.28

Estimated Item Count: 230

File Details

Filename: CIS_Ubuntu_20.04_LTS_v2.0.1_L1_Server.audit

Size: 760 kB

MD5: ca10396224d7edb47d293d481eb50628

SHA256: e7935322040b55f6676b5e3c9f3a5507d661db4aa163b196008893b9e81b7661

Audit Items

Description	Categories
1.1.1.1 Ensure mounting of cramfs filesystems is disabled
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled
1.1.1.4 Ensure mounting of hfs filesystems is disabled
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled
1.1.2.1 Ensure /tmp is a separate partition
1.1.2.2 Ensure nodev option set on /tmp partition
1.1.2.3 Ensure noexec option set on /tmp partition
1.1.2.4 Ensure nosuid option set on /tmp partition
1.1.3.2 Ensure nodev option set on /var partition
1.1.3.3 Ensure nosuid option set on /var partition
1.1.4.2 Ensure nodev option set on /var/tmp partition
1.1.4.3 Ensure noexec option set on /var/tmp partition
1.1.4.4 Ensure nosuid option set on /var/tmp partition
1.1.5.2 Ensure nodev option set on /var/log partition
1.1.5.3 Ensure noexec option set on /var/log partition
1.1.5.4 Ensure nosuid option set on /var/log partition
1.1.6.2 Ensure nodev option set on /var/log/audit partition
1.1.6.3 Ensure noexec option set on /var/log/audit partition
1.1.6.4 Ensure nosuid option set on /var/log/audit partition
1.1.7.2 Ensure nodev option set on /home partition
1.1.7.3 Ensure nosuid option set on /home partition
1.1.8.1 Ensure nodev option set on /dev/shm partition
1.1.8.2 Ensure noexec option set on /dev/shm partition
1.1.8.3 Ensure nosuid option set on /dev/shm partition
1.1.9 Disable Automounting
1.1.10 Disable USB Storage
1.2.1 Ensure AIDE is installed
1.2.2 Ensure filesystem integrity is regularly checked
1.3.1 Ensure updates, patches, and additional security software are installed
1.3.2 Ensure package manager repositories are configured
1.3.3 Ensure GPG keys are configured
1.4.1 Ensure bootloader password is set
1.4.2 Ensure permissions on bootloader config are configured
1.4.3 Ensure authentication required for single user mode
1.5.1 Ensure prelink is not installed
1.5.2 Ensure address space layout randomization (ASLR) is enabled
1.5.3 Ensure ptrace_scope is restricted
1.5.4 Ensure Automatic Error Reporting is not enabled
1.5.5 Ensure core dumps are restricted
1.6.1.1 Ensure AppArmor is installed
1.6.1.2 Ensure AppArmor is enabled in the bootloader configuration
1.6.1.3 Ensure all AppArmor Profiles are in enforce or complain mode
1.7.1 Ensure message of the day is configured properly
1.7.2 Ensure local login warning banner is configured properly
1.7.3 Ensure remote login warning banner is configured properly
1.7.4 Ensure permissions on /etc/motd are configured
1.7.5 Ensure permissions on /etc/issue are configured
1.7.6 Ensure permissions on /etc/issue.net are configured
1.8.2 Ensure GDM login banner is configured

Detections

Analytics

CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1

Warning! Audit Deprecated

Audit Details

File Details

Audit Items