Skip to content

Guide to the Secure Configuration of Ubuntu 16.04

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Configure low address space to protect from user allocation

    This is the portion of low virtual memory which should be protected from userspace allocation. This configuration is available from kernel 3.14, bu...
    Rule Medium Severity
  • Disable /dev/kmem virtual device support

    Disable support for the /dev/kmem device. The configuration that was used to build kernel is available at <code>/boot/config-*</code>. To chec...
    Rule Low Severity
  • Disable hibernation

    Enable the suspend to disk (STD) functionality, which is usually called "hibernation" in user interfaces. STD checkpoints the system and powers it ...
    Rule Medium Severity
  • Disable IA32 emulation

    Disables support for legacy 32-bit programs under a 64-bit kernel. The configuration that was used to build kernel is available at <code>/boot/con...
    Rule Medium Severity
  • Disable the IPv6 protocol

    Disable support for IP version 6 (IPv6). The configuration that was used to build kernel is available at <code>/boot/config-*</code>. To check...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules