Title
Create new category
Edit page index title
Edit category
Edit link
CIS Level 2 Guidelines
For more details about Center for Internet Security (CIS) please refer to this document.
Instruction steps
Install the UA client
Set up the Ubuntu Security Guide
Check SCAP Content Overview (Security Content Automation Protocol)
Auditing an Ubuntu System for DISA-STIG compliance
The report is generated in /var/lib/usg/
Applying the CIS rules to a set of systems
There are 2 ways that apply CIS rules
Method 1: directly using usg command - recommend
Method 2: using usg to generate script and then run the script
A reboot is require to take the effect after apply the fix.
Notes
CIS Level 2 requires
/tmpfolder to be mounted in a separate partition. Please ensure that that new partition have enough disk space for MetaDefender Core to run.
Running fix for Ubuntu 24.04
When generate the fix script in Ubuntu 24.04, there will be 2 rules (in the generated script - fix.sh) that change permission and owner of the folder /var/log:
#240: xccdf_org.ssgproject.content_rule_file_groupownerships_var_log
#255: xccdf_org.ssgproject.content_rule_file_ownerships_var_log
These 2 rules will change the permission and owner of product log also var/log/ometascan
So to prevent this, before running the fix script, user need to add metascan group, for example with rule #240
Please also do the same with rule #255 to prevent update permission and owner of
var/log/ometascan