CIS Ubuntu 22.04 Level 1 Server Benchmark
Rules and Groups employed by this XCCDF Profile
-
Deprecated services
Some deprecated software services impact the overall system security due to their behavior (leak of confidentiality in network exchange, usage as u...Group -
Uninstall the nis package
The support for Yellowpages should not be installed unless it is required.Rule Low Severity -
DHCP
The Dynamic Host Configuration Protocol (DHCP) allows systems to request and obtain an IP address and other configuration parameters from a server....Group -
Disable DHCP Server
The DHCP server <code>dhcpd</code> is not installed or activated by default. If the software was installed and activated, but the system does not n...Group -
Uninstall DHCP Server Package
If the system does not need to act as a DHCP server, the dhcp package can be uninstalled. The <code>isc-dhcp-server</code> package can be removed ...Rule Medium Severity -
DNS Server
Most organizations have an operational need to run at least one nameserver. However, there are many common attacks involving DNS server software, a...Group -
Disable DNS Server
DNS software should be disabled on any systems which does not need to be a nameserver. Note that the BIND DNS server software is not installed on U...Group -
Uninstall bind Package
The <code>named</code> service is provided by the <code>bind</code> package. The <code>bind</code> package can be removed with the following comman...Rule Low Severity -
FTP Server
FTP is a common method for allowing remote access to files. Like telnet, the FTP protocol is unencrypted, which means that passwords and other data...Group -
Disable vsftpd if Possible
To minimize attack surface, disable vsftpd if at all possible.Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules