Skip to content

CIS Ubuntu 22.04 Level 2 Server Benchmark

Rules and Groups employed by this XCCDF Profile

  • Enable systemd-journald Service

    The <code>systemd-journald</code> service is an essential component of systemd. The <code>systemd-journald</code> service can be enabled with the ...
    Rule Medium Severity
  • Ensure journald is configured to compress large log files

    The journald system can compress large log files to avoid fill the system disk.
    Rule Medium Severity
  • Ensure journald is configured to write log files to persistent disk

    The journald system may store log files in volatile memory or locally on disk. If the logs are only stored in volatile memory they will we lost upo...
    Rule Medium Severity
  • Disable systemd-journal-remote Socket

    Journald supports the ability to receive messages from remote hosts, thus acting as a log server. Clients should not receive data from other hosts....
    Rule Medium Severity
  • Configure rsyslogd to Accept Remote Messages If Acting as a Log Server

    By default, <code>rsyslog</code> does not listen over the network for log messages. If needed, modules can be enabled to allow the rsyslog daemon t...
    Group
  • Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server

    The <code>rsyslog</code> daemon should not accept remote messages unless the system acts as a log server. To ensure that it is not listening on the...
    Rule Medium Severity
  • Rsyslog Logs Sent To Remote Host

    If system logs are to be useful in detecting malicious activities, it is necessary to send logs to a remote server. An intruder who has compromised...
    Group
  • Ensure Logs Sent To Remote Host

    To configure rsyslog to send logs to a remote log server, open <code>/etc/rsyslog.conf</code> and read and understand the last section of the file,...
    Rule Medium Severity
  • Network Configuration and Firewalls

    Most systems must be connected to a network of some sort, and this brings with it the substantial risk of network attack. This section discusses th...
    Group
  • iptables and ip6tables

    A host-based firewall called <code>netfilter</code> is included as part of the Linux kernel distributed with the system. It is activated by default...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules