Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Ubuntu 18.04

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure SMEP is not disabled during boot

    The SMEP is used to prevent the supervisor mode from executing user space code, it is enabled by default since Linux kernel 3.0. But it could be di...
    Rule Medium Severity
    Show

  • Configure the confidence in TPM for entropy

    The TPM security chip that is available in most modern systems has a hardware RNG. It is also used to feed the entropy pool, but generally not cred...
    Rule Low Severity
    Show

  • Disable merging of slabs with similar size

    The kernel may merge similar slabs together to reduce overhead and increase cache hotness of objects. Disabling merging of slabs keeps the slabs se...
    Rule Medium Severity
    Show

  • Configure Speculative Store Bypass Mitigation

    Certain CPUs are vulnerable to an exploit against a common wide industry wide performance optimization known as Speculative Store Bypass (SSB). In...
    Rule Medium Severity
    Show

  • Enforce Spectre v2 mitigation

    Spectre V2 is an indirect branch poisoning attack that can lead to data leakage. An exploit for Spectre V2 tricks the indirect branch predictor int...
    Rule High Severity
    Show

  • Ensure debug-shell service is not enabled during boot

    systemd's <code>debug-shell</code> service is intended to diagnose systemd related boot issues with various <code>systemctl</code> commands. Once e...
    Rule Medium Severity
    Show

  • Non-UEFI GRUB2 bootloader configuration

    Non-UEFI GRUB2 bootloader configuration
    Group
    Show

  • UEFI GRUB2 bootloader configuration

    UEFI GRUB2 bootloader configuration
    Group
    Show

  • zIPL bootloader configuration

    During the boot process, the bootloader is responsible for starting the execution of the kernel and passing options to it. The default Ubuntu 18.04...
    Group
    Show

  • Protect Random-Number Entropy Pool

    The I/O operations of the Linux kernel block layer due to their inherently unpredictable execution times have been traditionally considered as a re...
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules