CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.


Audit Details

Name: CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1

Updated: 9/19/2025

Authority: CIS

Plugin: Unix

Revision: 1.27

Estimated Item Count: 224

File Details

Filename: CIS_Ubuntu_20.04_LTS_v2.0.1_L1_Workstation.audit

Size: 733 kB

MD5: e837bc86f6fc3188754e8768d973891f
SHA256: aaf45e5c6512f0ce9ba0aad45d141cfeef4ca94cee3cd29059fe3afd6099f11e

Audit Items

Description
1.1.1.1 Ensure mounting of cramfs filesystems is disabled
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled
1.1.1.4 Ensure mounting of hfs filesystems is disabled
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled
1.1.2.1 Ensure /tmp is a separate partition
1.1.2.2 Ensure nodev option set on /tmp partition
1.1.2.3 Ensure noexec option set on /tmp partition
1.1.2.4 Ensure nosuid option set on /tmp partition
1.1.3.2 Ensure nodev option set on /var partition
1.1.3.3 Ensure nosuid option set on /var partition
1.1.4.2 Ensure nodev option set on /var/tmp partition
1.1.4.3 Ensure noexec option set on /var/tmp partition
1.1.4.4 Ensure nosuid option set on /var/tmp partition
1.1.5.2 Ensure nodev option set on /var/log partition
1.1.5.3 Ensure noexec option set on /var/log partition
1.1.5.4 Ensure nosuid option set on /var/log partition
1.1.6.2 Ensure nodev option set on /var/log/audit partition
1.1.6.3 Ensure noexec option set on /var/log/audit partition
1.1.6.4 Ensure nosuid option set on /var/log/audit partition
1.1.7.2 Ensure nodev option set on /home partition
1.1.7.3 Ensure nosuid option set on /home partition
1.1.8.1 Ensure nodev option set on /dev/shm partition
1.1.8.2 Ensure noexec option set on /dev/shm partition
1.1.8.3 Ensure nosuid option set on /dev/shm partition
1.2.1 Ensure AIDE is installed
1.2.2 Ensure filesystem integrity is regularly checked
1.3.1 Ensure updates, patches, and additional security software are installed
1.3.2 Ensure package manager repositories are configured
1.3.3 Ensure GPG keys are configured
1.4.1 Ensure bootloader password is set
1.4.2 Ensure permissions on bootloader config are configured
1.4.3 Ensure authentication required for single user mode
1.5.1 Ensure prelink is not installed
1.5.2 Ensure address space layout randomization (ASLR) is enabled
1.5.3 Ensure ptrace_scope is restricted
1.5.4 Ensure Automatic Error Reporting is not enabled
1.5.5 Ensure core dumps are restricted
1.6.1.1 Ensure AppArmor is installed
1.6.1.2 Ensure AppArmor is enabled in the bootloader configuration
1.6.1.3 Ensure all AppArmor Profiles are in enforce or complain mode
1.7.1 Ensure message of the day is configured properly
1.7.2 Ensure local login warning banner is configured properly
1.7.3 Ensure remote login warning banner is configured properly
1.7.4 Ensure permissions on /etc/motd are configured
1.7.5 Ensure permissions on /etc/issue are configured
1.7.6 Ensure permissions on /etc/issue.net are configured
1.8.2 Ensure GDM login banner is configured
1.8.3 Ensure GDM disable-user-list option is enabled
1.8.4 Ensure GDM screen locks when the user is idle