Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Ubuntu 16.04

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Configure Response Mode of ARP Requests for All IPv4 Interfaces

    To set the runtime status of the <code>net.ipv4.conf.all.arp_ignore</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net.i...
    Rule Medium Severity
    Show

  • Prevent Routing External Traffic to Local Loopback on All IPv4 Interfaces

    To set the runtime status of the <code>net.ipv4.conf.all.route_localnet</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w n...
    Rule Medium Severity
    Show

  • Configure Sending and Accepting Shared Media Redirects for All IPv4 Interfaces

    To set the runtime status of the <code>net.ipv4.conf.all.shared_media</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w net...
    Rule Medium Severity
    Show

  • Configure Sending and Accepting Shared Media Redirects by Default

    To set the runtime status of the <code>net.ipv4.conf.default.shared_media</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w...
    Rule Medium Severity
    Show

  • Network Parameters for Hosts Only

    If the system is not going to be used as a router, then setting certain kernel parameters ensure that the host will not perform routing of network ...
    Group
    Show

  • nftables

    <code>If firewalld or iptables are being used in your environment, please follow the guidance in their respective section and pass-over the guidanc...
    Group
    Show

  • Verify ufw Enabled

    The ufw service can be enabled with the following command: 
    $ sudo systemctl enable ufw.service
    Rule Medium Severity
    Show

  • ftpd_use_nfs SELinux Boolean

    default - Default SELinux boolean setting.
    on - SELinux boolean is enabled.
    off - SELinux boolean is disabled.
    Value
    Show

  • Nftables Base Chain Hooks

    The possible hooks which can be used to configure the base chain are: <code>ingress</code> (only in netdev family since Linux kernel 4.2, and inet ...
    Value
    Show

  • Nftables Chain Names

    The rules in nftables are attached to chains. Unlike in iptables, there are no predefined chains like INPUT, OUTPUT, etc. Instead, to filter pack...
    Value
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules