CIS Ubuntu 22.04 Level 2 Workstation Benchmark
Rules and Groups employed by this XCCDF Profile
-
Verify Group Ownership of System Login Banner
To properly set the group owner of/etc/issue, run the command:$ sudo chgrp root /etc/issue
Rule Medium Severity -
Verify Group Ownership of System Login Banner for Remote Connections
To properly set the group owner of/etc/issue.net, run the command:$ sudo chgrp root /etc/issue.net
Rule Medium Severity -
Verify Group Ownership of Message of the Day Banner
To properly set the group owner of/etc/motd, run the command:$ sudo chgrp root /etc/motd
Rule Medium Severity -
Verify ownership of System Login Banner
To properly set the owner of/etc/issue, run the command:$ sudo chown root /etc/issue
Rule Medium Severity -
Verify ownership of System Login Banner for Remote Connections
To properly set the owner of/etc/issue.net, run the command:$ sudo chown root /etc/issue.net
Rule Medium Severity -
Verify ownership of Message of the Day Banner
To properly set the owner of/etc/motd, run the command:$ sudo chown root /etc/motd
Rule Medium Severity -
Verify permissions on System Login Banner
To properly set the permissions of/etc/issue, run the command:$ sudo chmod 0644 /etc/issue
Rule Medium Severity -
Verify permissions on System Login Banner for Remote Connections
To properly set the permissions of/etc/issue.net, run the command:$ sudo chmod 0644 /etc/issue.net
Rule Medium Severity -
Verify permissions on Message of the Day Banner
To properly set the permissions of/etc/motd, run the command:$ sudo chmod 0644 /etc/motd
Rule Medium Severity -
Implement a GUI Warning Banner
In the default graphical environment, users logging directly into the system are greeted with a login screen provided by the GNOME Display Manager ...Group -
Enable GNOME3 Login Warning Banner
In the default graphical environment, displaying a login warning banner in the GNOME Display Manager's login screen can be enabled on the login scr...Rule Medium Severity -
Set the GNOME3 Login Warning Banner Text
In the default graphical environment, configuring the login warning banner text in the GNOME Display Manager's login screen can be configured on th...Rule Medium Severity -
Protect Accounts by Configuring PAM
PAM, or Pluggable Authentication Modules, is a system which implements modular authentication for Linux programs. PAM provides a flexible and confi...Group -
Set Lockouts for Failed Password Attempts
The <code>pam_faillock</code> PAM module provides the capability to lock out user accounts after a number of failed login attempts. Its documentati...Group -
Limit Password Reuse
Do not allow users to reuse recent passwords. This can be accomplished by using the <code>remember</code> option for the <code>pam_unix</code> or <...Rule Medium Severity -
Lock Accounts After Failed Password Attempts
This rule configures the system to lock out accounts after a number of incorrect login attempts using <code>pam_faillock.so</code>. pam_faillock.so...Rule Medium Severity -
Set Interval For Counting Failed Password Attempts
Utilizing <code>pam_faillock.so</code>, the <code>fail_interval</code> directive configures the system to lock out an account after a number of inc...Rule Medium Severity -
Set Lockout Time for Failed Password Attempts
This rule configures the system to lock out accounts during a specified time period after a number of incorrect login attempts using <code>pam_fail...Rule Medium Severity -
Set Password Quality Requirements
The default <code>pam_pwquality</code> PAM module provides strength checking for passwords. It performs a number of checks, such as making sure pas...Group -
Set Password Quality Requirements with pam_pwquality
The <code>pam_pwquality</code> PAM module can be configured to meet requirements for a variety of policies. <br><br> For example, to configure <cod...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.