Ensure package manager repositories are configured Details Systems need to have package manager repositories configured to ensure they receive the latest patches and updates. Rationale: If...
Ensure permissions on bootloader config are configured Details The grub configuration file contains information on boot settings and passwords for unlocking boot options. Rationale: Setting the permissions...
Ensure permissions on bootloader config are not overridden – chmod Details The permissions on /boot/grub/grub.cfg are changed to 444 when grub.cfg is updated by the update-grub command. Rationale: Setting the...
Ensure permissions on bootloader config are not overridden – if line Details The permissions on /boot/grub/grub.cfg are changed to 444 when grub.cfg is updated by the update-grub command. Rationale: Setting the...
Ensure prelink is not installed Details prelink is a program that modifies ELF shared libraries and ELF dynamically linked binaries in such a way that...
Ensure sticky bit is set on all world-writable directories Details Setting the sticky bit on world-writable directories prevents users from deleting or renaming files in that directory that...
Ensure /tmp is configured Details The /tmp directory is a world-writable directory used for temporary storage by all users and some applications. Rationale: Making...
Ensure /var/tmp partition includes the nodev option Details The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var/tmp filesystem is not...
Ensure /var/tmp partition includes the noexec option Details The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/tmp filesystem is only...
Ensure /var/tmp partition includes the nosuid option Details The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var/tmp filesystem is only...