Skip to content

CIS Ubuntu 20.04 Level 2 Server Benchmark

Rules and Groups employed by this XCCDF Profile

  • FTP Server

    FTP is a common method for allowing remote access to files. Like telnet, the FTP protocol is unencrypted, which means that passwords and other data...
    Group
  • Disable vsftpd if Possible

    To minimize attack surface, disable vsftpd if at all possible.
    Group
  • Uninstall vsftpd Package

    The vsftpd package can be removed with the following command:
     $ apt-get remove vsftpd
    Rule High Severity
  • Web Server

    The web server is responsible for providing access to content via the HTTP protocol. Web servers represent a significant security risk because: <br...
    Group
  • Disable Apache if Possible

    If Apache was installed and activated, but the system does not need to act as a web server, then it should be disabled and removed from the system.
    Group
  • Uninstall httpd Package

    The apache2 package can be removed with the following command:
    $ apt-get remove apache2
    Rule Unknown Severity
  • Disable NGINX if Possible

    If NGINX was installed and activated, but the system does not need to act as a web server, then it should be removed from the system.
    Group
  • Uninstall nginx Package

    The nginx package can be removed with the following command:
    $ apt-get remove nginx
    Rule Unknown Severity
  • IMAP and POP3 Server

    Dovecot provides IMAP and POP3 services. It is not installed by default. The project page at <a href="http://www.dovecot.org">http://www.dovec...
    Group
  • Disable Cyrus IMAP

    If the system does not need to operate as an IMAP or POP3 server, the Cyrus IMAP software should be removed.
    Group
  • Uninstall cyrus-imapd Package

    The cyrus-imapd package can be removed with the following command:
    $ apt-get remove cyrus-imapd
    Rule Unknown Severity
  • Disable Dovecot

    If the system does not need to operate as an IMAP or POP3 server, the dovecot software should be disabled and removed.
    Group
  • Uninstall dovecot Package

    The dovecot-core package can be removed with the following command:
    $ apt-get remove dovecot-core
    Rule Unknown Severity
  • LDAP

    LDAP is a popular directory service, that is, a standardized way of looking up information from a central database. Ubuntu 20.04 includes software ...
    Group
  • Configure OpenLDAP Clients

    This section provides information on which security settings are important to configure in OpenLDAP clients by manually editing the appropriate con...
    Group
  • Ensure LDAP client is not installed

    The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from a central database. The <code>...
    Rule Low Severity
  • Configure OpenLDAP Server

    This section details some security-relevant settings for an OpenLDAP server.
    Group
  • Uninstall openldap-servers Package

    The slapd package is not installed by default on a Ubuntu 20.04 system. It is needed only by the OpenLDAP server, not by the clients which use LDAP...
    Rule Low Severity
  • Mail Server Software

    Mail servers are used to send and receive email over the network. Mail is a very common service, and Mail Transfer Agents (MTAs) are obvious target...
    Group
  • Ensure Mail Transfer Agent is not Listening on any non-loopback Address

    Mail Transfer Agents (MTA), such as sendmail and Postfix, are used to listen for incoming mail and transfer the messages to the appropriate user or...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules