The Center for Internet Security (CIS) is an independent group that publishes hardening guides for a wide range of products, including Ubuntu. The CIS benchmarks for Ubuntu 24.04 LTS contain a large number of recommendations for how to configure an Ubuntu system for maximum security. Canonical has developed the Ubuntu Security Guide (USG) tool to simplify the process of applying the recommendations and then checking whether the system is still in compliance with the benchmark.
USG is available with an Ubuntu Pro subscription, which is free for up to 5 machines.
Installing USG
sudo pro enable usg
sudo apt install -y usg
Generate a tailoring file
sudo usg generate-tailoring cis_level1_server hardening.xml
Auditing a system
sudo usg audit --tailoring-file hardening.xml
Remediating a system
sudo usg fix --tailoring-file hardening.xml
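Reviewing the tailoring file before running the fix step shows which benchmark rules have been switched off and which values have been overridden. The script below is an added example, not part of USG or of the original page. It assumes hardening.xml follows the XCCDF 1.2 tailoring layout (Profile elements with select and set-value children); the rule and value ids in the embedded sample are constructed placeholders.

```python
import sys
import xml.etree.ElementTree as ET

XCCDF = "{http://checklists.nist.gov/xccdf/1.2}"  # XCCDF 1.2 namespace (assumed layout)

# Constructed sample; a real tailoring file carries the benchmark's own rule ids.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<Tailoring xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_tailoring">
  <Profile id="xccdf_example_profile_site" extends="cis_level1_server">
    <select idref="example_rule_a" selected="true"/>
    <select idref="example_rule_b" selected="false"/>
    <select idref="example_rule_c" selected="0"/>
    <set-value idref="example_var_x"> 900 </set-value>
  </Profile>
</Tailoring>
"""

def summarize_tailoring(xml_text):
    """Return one dict per Profile: enabled rules, disabled rules, overridden values."""
    root = ET.fromstring(xml_text)
    if root.tag != XCCDF + "Tailoring":
        raise ValueError("not an XCCDF 1.2 tailoring document: " + root.tag)
    profiles = []
    for profile in root.iter(XCCDF + "Profile"):
        enabled, disabled = [], []
        for sel in profile.findall(XCCDF + "select"):
            # 'selected' is an XML boolean, so accept both "true" and "1".
            on = sel.get("selected", "").strip().lower() in ("true", "1")
            (enabled if on else disabled).append(sel.get("idref"))
        values = {v.get("idref"): (v.text or "").strip()
                  for v in profile.findall(XCCDF + "set-value")}
        profiles.append({"id": profile.get("id"), "extends": profile.get("extends"),
                         "enabled": enabled, "disabled": disabled, "values": values})
    return profiles

if __name__ == "__main__":
    # Usage: python3 review_tailoring.py hardening.xml  (falls back to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for p in summarize_tailoring(text):
        print(f"profile {p['id']} (extends {p['extends']})")
        print(f"  {len(p['enabled'])} rules enabled, {len(p['disabled'])} disabled")
        for rule in p["disabled"]:
            print(f"  DISABLED  {rule}")
        for name, value in p["values"].items():
            print(f"  VALUE     {name} = {value}")
```

Every DISABLED line is a benchmark recommendation that neither the audit nor the fix will cover, so each one should have a recorded justification.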