Skip to content

CIS Ubuntu 22.04 Level 2 Server Benchmark

Rules and Groups employed by this XCCDF Profile

  • Audit Configuration Files Must Be Owned By Group root

    All audit configuration files must be owned by group root.
    chown :root /etc/audit/audit*.{rules,conf} /etc/audit/rules.d/*
    Rule Medium Severity
  • Audit Configuration Files Must Be Owned By Root

    All audit configuration files must be owned by root user. To properly set the owner of <code>/etc/audit/</code>, run the command: <pre>$ sudo chow...
    Rule Medium Severity
  • System Audit Logs Must Be Owned By Root

    All audit logs must be owned by root user. The path for audit log can be configured via <code>log_file</code> parameter in <pre>/etc/audit/auditd.c...
    Rule Medium Severity
  • System Audit Logs Must Have Mode 0640 or Less Permissive

    If <code>log_group</code> in <code>/etc/audit/auditd.conf</code> is set to a group other than the <code>root</code> group account, change the mode...
    Rule Medium Severity
  • Record Events that Modify the System's Discretionary Access Controls

    At a minimum, the audit system should collect file permission changes for all users and root. Note that the "-F arch=b32" lines should be present e...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules