Ensure core dumps are restricted – limits config
Details A core dump is the memory of an executable program. It is generally used to determine why a program...
- Home
- Security Hardening
- CIS Ubuntu Linux 16.04 LTS Server L1 V2.0.0
CIS Ubuntu Linux 16.04 LTS Server L1 V2.0.0
Ensure core dumps are restricted – processsizemax
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure core dumps are restricted – storage
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure core dumps are restricted – sysctl
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure core dumps are restricted – sysctl config
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure /dev/shm is configured
Details /dev/shm is a traditional shared memory concept. One program will create a memory portion, which other processes (if permitted)...Ensure filesystem integrity is regularly checked
Details Periodic checking of the filesystem integrity is needed to detect changes to the filesystem. Rationale: Periodic file checking allows...Ensure GPG keys are configured
Details Most packages managers implement GPG key signing to verify package integrity during installation. Rationale: It is important to ensure...Ensure /home partition includes the nodev option
Details The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the user partitions are not...Ensure mounting of cramfs filesystems is disabled – lsmod
Details The cramfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems. A cramfs image can...