Guide to the Secure Configuration of Ubuntu 20.04
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Ensure AppArmor is installed
AppArmor provide Mandatory Access Controls.Rule Medium Severity -
Enforce all AppArmor Profiles
AppArmor profiles define what resources applications are able to access. To set all profiles to enforce mode run the following command: <pre>$ sudo...Rule Medium Severity -
All AppArmor Profiles are in enforce or complain mode
AppArmor profiles define what resources applications are able to access. To set all profiles to either <code>enforce</code> or <code>complain</code...Rule Medium Severity -
Ensure AppArmor is Active and Configured
Verify that the Apparmor tool is configured to control whitelisted applications and user home directory access control.<br><br> The <code>apparmor...Rule Medium Severity -
authlogin_radius SELinux Boolean
default - Default SELinux boolean setting.
on - SELinux boolean is enabled.
off - SELinux boolean is disabled.Value -
net.ipv6.conf.all.accept_source_route
Trackers could be using source-routed packets to generate traffic that seems to be intra-net, but actually was created outside and has been redirec...Value -
UEFI GRUB2 bootloader configuration
UEFI GRUB2 bootloader configurationGroup -
net.ipv6.conf.all.autoconf
Enable auto configuration on IPv6 interfacesValue -
net.ipv6.conf.all.forwarding
Toggle IPv6 ForwardingValue -
net.ipv6.conf.all.max_addresses
Maximum number of autoconfigured IPv6 addressesValue -
systemd-journald
systemd-journald is a system service that collects and stores logging data. It creates and maintains structured, indexed journals based on logging ...Group -
net.ipv6.conf.all.router_solicitations
Accept all router solicitations?Value -
net.ipv6.conf.default.accept_ra_defrtr
Accept default router in router advertisements?Value -
Ensure AppArmor is enabled in the bootloader configuration
Configure AppArmor to be enabled at boot time and verify that it has not been overwritten by the bootloader boot parameters. Note: This recommenda...Rule Medium Severity -
GRUB2 bootloader configuration
During the boot process, the boot loader is responsible for starting the execution of the kernel and passing options to it. The boot loader allows ...Group -
L1TF vulnerability mitigation
Defines the L1TF vulneratility mitigations to employ.Value -
MDS vulnerability mitigation
Defines the MDS vulneratility mitigation to employ.Value -
Confidence level on Hardware Random Number Generator
Defines the level of trust on the hardware random number generators available in the system and the percentage of entropy to credit.Value -
Spec Store Bypass Mitigation
This controls how the Speculative Store Bypass (SSB) vulnerability is mitigated.Value -
net.ipv6.conf.default.accept_ra_pinfo
Accept prefix information in router advertisements?Value
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.