Skip to content
Log In

Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000109-GPOS-00056

    Group
    Show

  • SRG-OS-000104-GPOS-00051

    Group
    Show

  • SRG-OS-000075-GPOS-00043

    Group
    Show

  • Ubuntu 22.04 LTS must enforce 24 hours/one day as the minimum password lifetime. Passwords for new users must have a 24 hours/one day minimum password lifetime restriction.

    Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually...
    Rule Medium Severity
    Show

  • SRG-OS-000076-GPOS-00044

    Group
    Show

  • Ubuntu 22.04 LTS must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.

    Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the operating system does not limit the lifetime of passwords and force user...
    Rule Medium Severity
    Show

  • SRG-OS-000118-GPOS-00060

    Group
    Show

  • Ubuntu 22.04 LTS must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.

    Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system. Owners of inactive accounts...
    Rule Medium Severity
    Show

  • SRG-OS-000002-GPOS-00002

    Group
    Show

  • SRG-OS-000021-GPOS-00005

    Group
    Show

  • Ubuntu 22.04 LTS must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts have been made.

    By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the a...
    Rule Low Severity
    Show

  • SRG-OS-000480-GPOS-00226

    Group
    Show

  • Ubuntu 22.04 LTS must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.

    Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.
    Rule Low Severity
    Show

  • SRG-OS-000027-GPOS-00008

    Group
    Show

  • Ubuntu 22.04 LTS must limit the number of concurrent sessions to ten for all accounts and/or account types.

    Ubuntu 22.04 LTS management includes the ability to control the number of users and user sessions that utilize an operating system. Limiting the number of allowed users and sessions per user is hel...
    Rule Low Severity
    Show

  • SRG-OS-000030-GPOS-00011

    Group
    Show

  • SRG-OS-000279-GPOS-00109

    Group
    Show

  • SRG-OS-000480-GPOS-00228

    Group
    Show

  • Ubuntu 22.04 LTS default filesystem permissions must be defined in such a way that all authenticated users can read and modify only their own files.

    Setting the most restrictive default permissions ensures newly created accounts do not have unnecessary access.
    Rule Medium Severity
    Show

  • SRG-OS-000312-GPOS-00124

    Group
    Show

  • SRG-OS-000368-GPOS-00154

    Group
    Show

  • Ubuntu 22.04 LTS must be configured to use AppArmor.

    Control of program execution is a mechanism used to prevent execution of unauthorized programs. Some operating systems may provide a capability that runs counter to the mission or provides users wi...
    Rule Medium Severity
    Show

  • SRG-OS-000373-GPOS-00156

    Group
    Show

  • Ubuntu 22.04 LTS must require users to reauthenticate for privilege escalation or when changing roles.

    Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capabili...
    Rule Medium Severity
    Show

  • SRG-OS-000134-GPOS-00068

    Group
    Show

  • SRG-OS-000069-GPOS-00037

    Group
    Show

  • Ubuntu 22.04 LTS must enforce password complexity by requiring at least one uppercase character be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...
    Rule Medium Severity
    Show

  • SRG-OS-000070-GPOS-00038

    Group
    Show

  • SRG-OS-000071-GPOS-00039

    Group
    Show

  • Ubuntu 22.04 LTS must enforce password complexity by requiring that at least one numeric character be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...
    Rule Medium Severity
    Show

  • SRG-OS-000266-GPOS-00101

    Group
    Show

  • Ubuntu 22.04 LTS must enforce password complexity by requiring that at least one special character be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity or strength is a measure of the effectiveness of a password in resisting ...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00225

    Group
    Show

  • SRG-OS-000078-GPOS-00046

    Group
    Show

  • SRG-OS-000072-GPOS-00040

    Group
    Show

  • Ubuntu 22.04 LTS must require the change of at least eight characters when passwords are changed.

    If the operating system allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increasing the window of opportunity for attempt...
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00225

    Group
    Show

  • Ubuntu 22.04 LTS must be configured so that when passwords are changed or new passwords are established, pwquality must be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...
    Rule Medium Severity
    Show

  • SRG-OS-000073-GPOS-00041

    Group
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • Ubuntu 22.04 LTS must not have accounts configured with blank or null passwords.

    If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords must never be used in operational environments.
    Rule High Severity
    Show

  • SRG-OS-000120-GPOS-00061

    Group
    Show

  • Ubuntu 22.04 LTS must encrypt all stored passwords with a FIPS 140-3-approved cryptographic hashing algorithm.

    Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily c...
    Rule Medium Severity
    Show

  • SRG-OS-000375-GPOS-00160

    Group
    Show

  • SRG-OS-000376-GPOS-00161

    Group
    Show

  • Ubuntu 22.04 LTS must accept personal identity verification (PIV) credentials.

    The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. DOD has mandated the use of the common access card (CAC) to support identity management and ...
    Rule Medium Severity
    Show

  • SRG-OS-000105-GPOS-00052

    Group
    Show

  • SRG-OS-000377-GPOS-00162

    Group
    Show

  • SRG-OS-000066-GPOS-00034

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules