Ensure nosuid option set on /var/tmp partition Details The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var/tmp filesystem is only...
Ensure package manager repositories are configured Details Systems need to have package manager repositories configured to ensure they receive the latest patches and updates. Rationale: If...
Ensure permissions on bootloader config are configured Details The grub configuration file contains information on boot settings and passwords for unlocking boot options. The grub configuration is...
Ensure prelink is disabled Details prelink is a program that modifies ELF shared libraries and ELF dynamically linked binaries in such a way that...
Ensure sticky bit is set on all world-writable directories Details Setting the sticky bit on world-writable directories prevents users from deleting or renaming files in that directory that...
Ensure sudo commands use pty Details sudo can be configured to run only from a pseudo-pty. Rationale: Attackers can run a malicious program using sudo,...
Ensure sudo is installed Details sudo allows a permitted user to execute a command as the superuser or another user, as specified by the...
Ensure sudo log file exists Details sudo can use a custom log file. Rationale: A sudo log file simplifies auditing of sudo commands. Solution edit...
Ensure /tmp is configured Details The /tmp directory is a world-writable directory used for temporary storage by all users and some applications. Rationale: Making...
Ensure XD/NX support is enabled Details Recent processors in the x86 family support the ability to prevent code execution on a per memory page basis....