PBQ

System Hardening — Linux Server Baseline Configuration

SY0-701 Obj 2.5 · Asset & Vulnerability Management
A newly provisioned Ubuntu 22.04 web server has failed its security baseline audit. You must harden the system by: (1) checking required hardening tasks as complete, and (2) fixing the SSH and PAM configuration files to meet CIS Benchmark standards. Red highlighted values are the current insecure settings — change them to the correct secure values.

Part 1 — Check all required hardening tasks

Hardening Checklist

Part 2 — Fix the configuration files

/etc/ssh/sshd_config SSH daemon configuration — fix insecure values
sshd_config Change highlighted red values to secure settings
1# SSH Server Configuration — CIS Benchmark
2Port 22
3Protocol
4PermitRootLogin
5PasswordAuthentication
6PermitEmptyPasswords
7MaxAuthTries
8X11Forwarding
9LoginGraceTime
10AllowUsers webadmin svcuser
/etc/security/pwquality.conf Password quality requirements — fix weak defaults
pwquality.conf Select the secure value for each setting
1# Password quality policy
2minlen =
3minclass =
4maxrepeat =
5dcredit =
6ucredit =
7ocredit =
All PBQ Labs