Skip to content
Log In

Guide to the Secure Configuration of Ubuntu 20.04

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure no duplicate UIDs exist

    Although the useradd program will not let you create a duplicate User ID (UID), it is possible for an administrator to manually edit the /etc/passwd file and change the UID field. Users must be ass...
    Rule Medium Severity
    Show

  • All Interactive User Home Directories Must Have mode 0750 Or Less Permissive

    Change the mode of interactive users home directories to <code>0750</code>. To change the mode of interactive users home directory, use the following command: <pre>$ sudo chmod 0750 /home/<i>USER</...
    Rule Medium Severity
    Show

  • Verify No .forward Files Exist

    The .forward file specifies an email address to forward the user's mail to.
    Rule Medium Severity
    Show

  • Verify No netrc Files Exist

    The <code>.netrc</code> files contain login information used to auto-login into FTP servers and reside in the user's home directory. These files may contain unencrypted passwords to remote FTP serv...
    Rule Medium Severity
    Show

  • Restrict Root Logins

    Direct root logins should be allowed only for emergency use. In normal situations, the administrator should access the system via a unique unprivileged account, and then use <code>su</code> or <cod...
    Group
    Show

  • Group Name Used by pam_wheel Group Parameter

    pam_wheel module has a parameter called group, which controls which groups can access the su command. This variable holds the valid value for the parameter.
    Value
    Show

  • Verify Only Root Has UID 0

    If any account other than root has a UID of 0, this misconfiguration should be investigated and the accounts other than root should be removed or have their UID changed. <br> If the account is asso...
    Rule High Severity
    Show

  • Verify Root Has A Primary GID 0

    The root user should have a primary group of 0.
    Rule High Severity
    Show

  • Ensure Authentication Required for Single User Mode

    Single user mode is used for recovery when the system detects an issue during boot or by manual selection from the bootloader.
    Rule Medium Severity
    Show

  • Direct root Logins Are Not Allowed

    Configure the operating system to prevent direct logins to the root account by performing the following operations: 
    $ sudo passwd -l root
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules