forked from canonical/ubuntu-pro-client
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathhelp_data.yaml
68 lines (62 loc) · 3.46 KB
/
help_data.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
cc-eal:
help: |
Common Criteria is an Information Technology Security Evaluation standard
(ISO/IEC IS 15408) for computer security certification. Ubuntu 16.04 has
been evaluated to assurance level EAL2 through CSEC. The evaluation was
performed on Intel x86_64, IBM Power8 and IBM Z hardware platforms.
cis:
help: |
CIS benchmarks locks down your systems by removing non-secure programs,
disabling unused filesystems, disabling unnecessary ports or services to
prevent cyber attacks and malware, auditing privileged operations and
restricting administrative privileges. The cis command installs
tooling needed to automate audit and hardening according to a desired
CIS profile - level 1 or level 2 for server or workstation on
Ubuntu 18.04 LTS or 16.04 LTS. The audit tooling uses OpenSCAP libraries
to do a scan of the system. The tool provides options to generate a
report in XML or a html format. The report shows compliance for all the
rules against the profile selected during the scan. You can find out
more at https://ubuntu.com/security/certifications#cis
esm-apps:
help: |
UA Apps: Extended Security Maintenance is enabled by default on entitled
workloads. It provides access to a private PPA which includes available
high and critical CVE fixes for Ubuntu LTS packages in the Ubuntu Main
and Ubuntu Universe repositories from the Ubuntu LTS release date until
its end of life. You can find out more about the esm service at
https://ubuntu.com/security/esm
esm-infra:
help: |
esm-infra provides access to a private ppa which includes available high
and critical CVE fixes for Ubuntu LTS packages in the Ubuntu Main
repository between the end of the standard Ubuntu LTS security
maintenance and its end of life. It is enabled by default with
Extended Security Maintenance (ESM) for UA Apps and UA Infra.
You can find our more about the esm service at
https://ubuntu.com/security/esm
fips:
help: |
FIPS 140-2 is a set of publicly announced cryptographic standards
developed by the National Institute of Standards and Technology
applicable for FedRAMP, HIPAA, PCI and ISO compliance use cases.
Note that ‘fips’ does not provide security patching. For fips certified
modules with security patches please refer to fips-updates. The modules
are certified on Intel x86_64 and IBM Z hardware platforms for Ubuntu
18.04 and Intel x86_64, IBM Power8 and IBM Z hardware platforms for
Ubuntu 16.04. Below is the list of fips certified components per an
Ubuntu Version. You can find out more at
https://ubuntu.com/security/certifications#fips
fips-updates:
help: |
fips-updates installs fips modules including all security patches
for those modules that have been provided since their certification date.
You can find out more at https://ubuntu.com/security/certifications#fips.
livepatch:
help: |
Livepatch provides selected high and critical kernel CVE fixes and other
non-security bug fixes as kernel livepatches. Livepatches are applied
without rebooting a machine which drastically limits the need for
unscheduled system reboots. Due to the nature of fips compliance,
livepatches cannot be enabled on fips-enabled systems. You can find out
more about Ubuntu Kernel Livepatch service at
https://ubuntu.com/security/livepatch