Skip to content
Log In

Guide to the Secure Configuration of Ubuntu 20.04

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Disable Apport Service

    The Apport modifies certain kernel configuration values at runtime which may decrease the overall security of the system and expose sensitive data. The <code>apport</code> service can be disabled ...
    Rule Unknown Severity
    Show

  • APT service configuration

    The apt service manage the package management and update of the whole system. Its configuration need to be properly defined to ensure efficient security updates, packages and repository authenticat...
    Group
    Show

  • Disable unauthenticated repositories in APT configuration

    Unauthenticated repositories should not be used for updates.
    Rule Unknown Severity
    Show

  • Avahi Server

    The Avahi daemon implements the DNS Service Discovery and Multicast DNS protocols, which provide service and host discovery on a network. It allows a system to automatically identify resources on t...
    Group
    Show

  • Configure Avahi if Necessary

    If your system requires the Avahi daemon, its configuration can be restricted to improve security. The Avahi daemon configuration file is <code>/etc/avahi/avahi-daemon.conf</code>. The following se...
    Group
    Show

  • Disable Avahi Server if Possible

    Because the Avahi daemon service keeps an open network port, it is subject to network attacks. Disabling it can reduce the system's vulnerability to such attacks.
    Group
    Show

  • Uninstall avahi Server Package

    If the system does not need to have an Avahi server which implements the DNS Service Discovery and Multicast DNS protocols, the avahi-autoipd and avahi packages can be uninstalled.
    Rule Medium Severity
    Show

  • Base Services

    This section addresses the base services that are installed on a Ubuntu 20.04 default installation which are not covered in other sections. Some of these services listen on the network and should b...
    Group
    Show

  • Disable KDump Kernel Crash Analyzer (kdump)

    The <code>kdump-tools</code> service provides a kernel crash dump analyzer. It uses the <code>kexec</code> system call to boot a secondary kernel ("capture" kernel) following a system crash, which ...
    Rule Medium Severity
    Show

  • Cron and At Daemons

    The cron and at services are used to allow commands to be executed at a later time. The cron service is required by almost all systems to perform necessary maintenance tasks, while at may or may no...
    Group
    Show

  • Install the cron service

    The Cron service should be installed.
    Rule Medium Severity
    Show

  • Enable cron Service

    The <code>crond</code> service is used to execute commands at preconfigured times. It is required by almost all systems to perform necessary maintenance tasks, such as notifying root of system acti...
    Rule Medium Severity
    Show

  • Verify Group Who Owns cron.d

    To properly set the group owner of /etc/cron.d, run the command: 
    $ sudo chgrp root /etc/cron.d
    Rule Medium Severity
    Show

  • Verify Group Who Owns cron.daily

    To properly set the group owner of /etc/cron.daily, run the command: 
    $ sudo chgrp root /etc/cron.daily
    Rule Medium Severity
    Show

  • Verify Group Who Owns cron.monthly

    To properly set the group owner of /etc/cron.monthly, run the command: 
    $ sudo chgrp root /etc/cron.monthly
    Rule Medium Severity
    Show

  • Verify Group Who Owns cron.weekly

    To properly set the group owner of /etc/cron.weekly, run the command: 
    $ sudo chgrp root /etc/cron.weekly
    Rule Medium Severity
    Show

  • Verify Group Who Owns Crontab

    To properly set the group owner of /etc/crontab, run the command: 
    $ sudo chgrp root /etc/crontab
    Rule Medium Severity
    Show

  • Verify Owner on cron.d

    To properly set the owner of /etc/cron.d, run the command: 
    $ sudo chown root /etc/cron.d
    Rule Medium Severity
    Show

  • Verify Owner on cron.daily

    To properly set the owner of /etc/cron.daily, run the command: 
    $ sudo chown root /etc/cron.daily
    Rule Medium Severity
    Show

  • Verify Owner on cron.hourly

    To properly set the owner of /etc/cron.hourly, run the command: 
    $ sudo chown root /etc/cron.hourly
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules