Guide to the Secure Configuration of Ubuntu 20.04
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Configure server restrictions for ntpd
ntpd is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks across a variety of systems and use ...Rule Medium Severity -
Configure ntpd To Run As ntp User
ntp is a daemon which implements the Network Time Protocol (NTP). It is designed to synchronize system clocks across a variety of systems and use a...Rule Medium Severity -
Obsolete Services
This section discusses a number of network-visible services which have historically caused problems for system security, and for which disabling or...Group -
Uninstall rsync Package
The rsyncd service can be used to synchronize files between systems over network links. The <code>rsync</code> package can be removed with the foll...Rule Medium Severity -
Xinetd
The <code>xinetd</code> service acts as a dedicated listener for some network services (mostly, obsolete ones) and can be used to provide access co...Group -
Uninstall xinetd Package
Thexinetd
package can be removed with the following command:$ apt-get remove xinetd
Rule Low Severity -
NIS
The Network Information Service (NIS), also known as 'Yellow Pages' (YP), and its successor NIS+ have been made obsolete by Kerberos, LDAP, and oth...Group -
Rlogin, Rsh, and Rexec
The Berkeley r-commands are legacy services which allow cleartext remote access and have an insecure trust model.Group -
Uninstall rsh-server Package
Thersh-server
package can be removed with the following command:$ apt-get remove rsh-server
Rule High Severity -
Network Routing
A router is a very desirable target for a potential adversary because they fulfill a variety of infrastructure networking roles such as access to ...Group -
Remove Rsh Trust Files
The files <code>/etc/hosts.equiv</code> and <code>~/.rhosts</code> (in each user's home directory) list remote hosts and users that are trusted by ...Rule High Severity -
Chat/Messaging Services
The talk software makes it possible for users to send and receive messages across systems through a terminal session.Group -
Uninstall talk Package
The <code>talk</code> package contains the client program for the Internet talk protocol, which allows the user to chat with other users on differe...Rule Medium Severity -
Telnet
The telnet protocol does not provide confidentiality or integrity for information transmitted on the network. This includes authentication informat...Group -
Remove telnet Clients
The telnet client allows users to start connections to other systems via the telnet protocol.Rule Low Severity -
TFTP Server
TFTP is a lightweight version of the FTP protocol which has traditionally been used to configure networking equipment. However, TFTP provides littl...Group -
TFTP server secure directory
Specify the directory which is used by TFTP server as a root directory when running in secure mode.Value -
Print Support
The Common Unix Printing System (CUPS) service provides both local and network printing support. A system running the CUPS service can accept print...Group -
Uninstall CUPS Package
Thecups
package can be removed with the following command:$ apt-get remove cups
Rule Unknown Severity -
Disable the CUPS Service
Thecups
service can be disabled with the following command:$ sudo systemctl mask --now cups.service
Rule Unknown Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules