CIS Ubuntu Linux 22.04 LTS Workstation L2 v.1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Ubuntu Linux 22.04 LTS Workstation L2 v.1.0.0

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.21

Estimated Item Count: 141

File Details

Filename: CIS_Ubuntu_22.04_LTS_v1.0.0_Workstation_L2.audit

Size: 475 kB

MD5: 0336d9c8c64d6581337b7ea945d3d034
SHA256: aa4bc47641f03ffcc7c22db6b1295a67742564c9886fa63d90ab5f86dbf30096

Audit Items

Description | Categories
1.1.1.2 Ensure mounting of squashfs filesystems is disabled
1.1.1.3 Ensure mounting of udf filesystems is disabled
1.1.3.1 Ensure separate partition exists for /var
1.1.4.1 Ensure separate partition exists for /var/tmp
1.1.5.1 Ensure separate partition exists for /var/log
1.1.6.1 Ensure separate partition exists for /var/log/audit
1.1.7.1 Ensure separate partition exists for /home
1.1.9 Disable Automounting
1.1.10 Disable USB Storage - blacklist
1.1.10 Disable USB Storage - lsmod
1.1.10 Disable USB Storage - modprobe
1.6.1.4 Ensure all AppArmor Profiles are enforcing - complain
1.6.1.4 Ensure all AppArmor Profiles are enforcing - loaded
1.6.1.4 Ensure all AppArmor Profiles are enforcing - unconfined
1.8.6 Ensure GDM automatic mounting of removable media is disabled
1.8.7 Ensure GDM disabling automatic mounting of removable media is not overridden
2.2.3 Ensure CUPS is not installed
3.1.2 Ensure wireless interfaces are disabled
3.4.1 Ensure DCCP is disabled - blacklist
3.4.1 Ensure DCCP is disabled - lsmod
3.4.1 Ensure DCCP is disabled - modprobe
3.4.2 Ensure SCTP is disabled - blacklist
3.4.2 Ensure SCTP is disabled - lsmod
3.4.2 Ensure SCTP is disabled - modprobe
3.4.3 Ensure RDS is disabled - blacklist
3.4.3 Ensure RDS is disabled - lsmod
3.4.3 Ensure RDS is disabled - modprobe
3.4.4 Ensure TIPC is disabled - blacklist
3.4.4 Ensure TIPC is disabled - lsmod
3.4.4 Ensure TIPC is disabled - modprobe
4.1.1.1 Ensure auditd is installed
4.1.1.2 Ensure auditd service is enabled and active - active
4.1.1.2 Ensure auditd service is enabled and active - enabled
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
4.1.1.4 Ensure audit_backlog_limit is sufficient
4.1.2.1 Ensure audit log storage size is configured
4.1.2.2 Ensure audit logs are not automatically deleted
4.1.2.3 Ensure system is disabled when audit logs are full - 'action_mail_acct = root'
4.1.2.3 Ensure system is disabled when audit logs are full - 'admin_space_left_action'
4.1.2.3 Ensure system is disabled when audit logs are full - 'space_left_action = email'
4.1.3.1 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoers
4.1.3.1 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoers.d
4.1.3.1 Ensure changes to system administration scope (sudoers) is collected - sudoers
4.1.3.1 Ensure changes to system administration scope (sudoers) is collected - sudoers.d
4.1.3.2 Ensure actions as another user are always logged - auditctl b32
4.1.3.2 Ensure actions as another user are always logged - auditctl b64
4.1.3.2 Ensure actions as another user are always logged - rules.d b32
4.1.3.2 Ensure actions as another user are always logged - rules.d b64
4.1.3.3 Ensure events that modify the sudo log file are collected - auditctl sudo log
4.1.3.3 Ensure events that modify the sudo log file are collected - sudo log