Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Ubuntu 22.04

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Uninstall rpcbind Package

    The rpcbind utility maps RPC services to the ports on which they listen. RPC processes notify rpcbind when they start, registering the ports they a...
    Rule Low Severity
    Show

  • Configure All Systems which Use NFS

    The steps in this section are appropriate for all systems which run NFS, whether they operate as clients or as servers.
    Group
    Show

  • Make Each System a Client or a Server, not Both

    If NFS must be used, it should be deployed in the simplest configuration possible to avoid maintainability problems which may lead to unnecessary s...
    Group
    Show

  • Configure NFS Services to Use Fixed Ports (NFSv3 and NFSv2)

    Firewalling should be done at each host and at the border firewalls to protect the NFS daemons from remote access, since NFS servers should never b...
    Group
    Show

  • Mount Remote Filesystems with Restrictive Options

    Edit the file <code>/etc/fstab</code>. For each filesystem whose type (column 3) is <code>nfs</code> or <code>nfs4</code>, add the text <code>,node...
    Group
    Show

  • Configure NFS Servers

    The steps in this section are appropriate for systems which operate as NFS servers.
    Group
    Show

  • Ensure All-Squashing Disabled On All Exports

    The <code>all_squash</code> maps all uids and gids to an anonymous user. This should be disabled by removing any instances of the <code>all_squash<...
    Rule Low Severity
    Show

  • Configure the Exports File Restrictively

    Linux's NFS implementation uses the file <code>/etc/exports</code> to control what filesystems and directories may be accessed via NFS. (See the <c...
    Group
    Show

  • Export Filesystems Read-Only if Possible

    If a filesystem is being exported so that users can view the files in a convenient fashion, but there is no need for users to edit those files, exp...
    Group
    Show

  • Use Access Lists to Enforce Authorization Restrictions

    When configuring NFS exports, ensure that each export line in <code>/etc/exports</code> contains a list of hosts which are allowed to access that e...
    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules