Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Ubuntu 16.04

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Restrict Dynamic Mounting and Unmounting of Filesystems

    Linux includes a number of facilities for the automated addition and removal of filesystems on a running system. These facilities may be necessary...
    Group
    Show

  • Restrict Partition Mount Options

    System partitions can be mounted with certain options that limit what files on those partitions can do. These options are set in the <code>/etc/fst...
    Group
    Show

  • Removable Partition

    This value is used by the checks mount_option_nodev_removable_partitions, mount_option_nodev_removable_partitions, and mount_option_nodev_removable...
    Value
    Show

  • Daemon Umask

    The umask is a per-process setting which limits the default permissions for creation of new files and directories. The system includes initializati...
    Group
    Show

  • cvs_read_shadow SELinux Boolean

    default - Default SELinux boolean setting.
    on - SELinux boolean is enabled.
    off - SELinux boolean is disabled.
    Value
    Show

  • daemons_dump_core SELinux Boolean

    default - Default SELinux boolean setting.
    on - SELinux boolean is enabled.
    off - SELinux boolean is disabled.
    Value
    Show

  • Add nodev Option to /dev/shm

    The <code>nodev</code> mount option can be used to prevent creation of device files in <code>/dev/shm</code>. Legitimate character and block device...
    Rule Medium Severity
    Show

  • Add nosuid Option to /dev/shm

    The <code>nosuid</code> mount option can be used to prevent execution of setuid programs in <code>/dev/shm</code>. The SUID and SGID permissions s...
    Rule Medium Severity
    Show

  • Verify Permissions on Important Files and Directories Are Configured in /etc/permissions.local

    Permissions for many files on a system must be set restrictively to ensure sensitive information is properly protected. This section discusses the ...
    Group
    Show

  • Restrict Programs from Dangerous Execution Patterns

    The recommendations in this section are designed to ensure that the system's features to protect against potentially dangerous program execution ar...
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules