Skip to content
Log In

Guide to the Secure Configuration of Ubuntu 22.04

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Ensure SELinux is Not Disabled

    The SELinux state should be set to <code>enforcing</code> or <code>permissive</code> at system boot time. In the file <code>/etc/selinux/config</code>, add or correct the following line to configur...
    Rule High Severity
    Show

  • Ensure SELinux State is Enforcing

    The SELinux state should be set to <code><xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_selinux_state" use="legacy"></xccdf-1.2:sub></code> at system boot time. In the file <code>/et...
    Rule High Severity
    Show

  • Apport Service

    The Apport service provides debugging and crash reporting features on Ubuntu distributions.
    Group
    Show

  • Disable Apport Service

    The Apport modifies certain kernel configuration values at runtime which may decrease the overall security of the system and expose sensitive data. The <code>apport</code> service can be disabled ...
    Rule Unknown Severity
    Show

  • APT service configuration

    The apt service manage the package management and update of the whole system. Its configuration need to be properly defined to ensure efficient security updates, packages and repository authenticat...
    Group
    Show

  • Disable unauthenticated repositories in APT configuration

    Unauthenticated repositories should not be used for updates.
    Rule Unknown Severity
    Show

  • Avahi Server

    The Avahi daemon implements the DNS Service Discovery and Multicast DNS protocols, which provide service and host discovery on a network. It allows a system to automatically identify resources on t...
    Group
    Show

  • Configure Avahi if Necessary

    If your system requires the Avahi daemon, its configuration can be restricted to improve security. The Avahi daemon configuration file is <code>/etc/avahi/avahi-daemon.conf</code>. The following se...
    Group
    Show

  • Disable Avahi Server if Possible

    Because the Avahi daemon service keeps an open network port, it is subject to network attacks. Disabling it can reduce the system's vulnerability to such attacks.
    Group
    Show

  • Uninstall avahi Server Package

    If the system does not need to have an Avahi server which implements the DNS Service Discovery and Multicast DNS protocols, the avahi-autoipd and avahi packages can be uninstalled.
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules