Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Ubuntu 16.04

Rules, Groups, and Values defined within the XCCDF Benchmark

  • McAfee Endpoint Security for Linux (ENSL)

    McAfee Endpoint Security for Linux (ENSL) is a suite of software applications used to monitor, detect, and defend computer networks and systems.
    Group
    Show

  • McAfee Host-Based Intrusion Detection Software (HBSS)

    McAfee Host-based Security System (HBSS) is a suite of software applications used to monitor, detect, and defend computer networks and systems.
    Group
    Show

  • Install the Host Intrusion Prevention System (HIPS) Module

    Install the McAfee Host Intrusion Prevention System (HIPS) Module if it is absolutely necessary. If SELinux is enabled, do not install or enable th...
    Rule Medium Severity
    Show

  • daemon umask

    Enter umask for daemons
    Value
    Show

  • Screensaver Inactivity timeout

    Choose allowed duration (in seconds) of inactive graphical sessions
    Value
    Show

  • Group name dedicated to the use of sudo

    Specify the name of the group that should own /usr/bin/sudo.
    Value
    Show

  • warning days before password expires

    The number of days' warning given before a password expires.
    Value
    Show

  • Maximum login attempts delay

    Maximum time in seconds between fail login attempts before re-prompting.
    Value
    Show

  • Maximum concurrent login sessions

    Maximum number of concurrent sessions by a user
    Value
    Show

  • Screensaver Lock Delay

    Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication prompt
    Value
    Show

  • Sudo - logfile value

    Specify the sudo logfile to use. The default value used here matches the example location from CIS, which uses /var/log/sudo.log.
    Value
    Show

  • GNOME Media Settings

    GNOME media settings that apply to the graphical interface.
    Group
    Show

  • GNOME Network Settings

    GNOME network settings that apply to the graphical interface.
    Group
    Show

  • GNOME Remote Access Settings

    GNOME remote access settings that apply to the graphical interface.
    Group
    Show

  • Sudo - passwd_timeout value

    Defines the number of minutes before the <code>sudo</code> password prompt times out. Defining 0 means no timeout. The default timeout value is 5 m...
    Value
    Show

  • The percentage remaining in disk space before prompting space_left_action

    The setting for space_left as a percentage in /etc/audit/auditd.conf
    Value
    Show

  • conman_can_network SELinux Boolean

    default - Default SELinux boolean setting.
    on - SELinux boolean is enabled.
    off - SELinux boolean is disabled.
    Value
    Show

  • net.ipv4.tcp_invalid_ratelimit

    Configure the maximal rate for sending duplicate acknowledgments in response to incoming invalid TCP packets.
    Value
    Show

  • Account Inactivity Timeout (seconds)

    In an interactive shell, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates afte...
    Value
    Show

  • Interactive users initialization files

    'A regular expression describing a list of file names for files that are sourced at login time for interactive users'
    Value
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules