Skip to content
ATO Pathways
  Log In

Guide to the Secure Configuration of Ubuntu 16.04

Rules, Groups, and Values defined within the XCCDF Benchmark

  • tally2

    Number of failed login attempts
    Value
    Show

  • Account Lockouts Must Be Logged

    PAM faillock locks an account due to excessive password failures, this event must be logged.
    Rule Medium Severity
    Show

  • Account Lockouts Must Be Logged

    PAM faillock locks an account due to excessive password failures, this event must be logged.
    Rule Medium Severity
    Show

  • Set Password Quality Requirements

    The default <code>pam_pwquality</code> PAM module provides strength checking for passwords. It performs a number of checks, such as making sure pas...
    Group
    Show

  • Set Password Quality Requirements, if using pam_cracklib

    The <code>pam_cracklib</code> PAM module can be configured to meet requirements for a variety of policies. <br><br> For example, to configure <code...
    Group
    Show

  • Set Password Quality Requirements with pam_pwquality

    The <code>pam_pwquality</code> PAM module can be configured to meet requirements for a variety of policies. <br><br> For example, to configure <cod...
    Group
    Show

  • dcredit

    Minimum number of digits in password
    Value
    Show

  • dictcheck

    Prevent the use of dictionary words for passwords.
    Value
    Show

  • difok

    Minimum number of characters not present in old password
    Value
    Show

  • lcredit

    Minimum number of lower case in password
    Value
    Show

  • maxclassrepeat

    Maximum Number of Consecutive Repeating Characters in a Password From the Same Character Class
    Value
    Show

  • maxrepeat

    Maximum Number of Consecutive Repeating Characters in a Password
    Value
    Show

  • minclass

    Minimum number of categories of characters that must exist in a password
    Value
    Show

  • minlen

    Minimum number of characters in password
    Value
    Show

  • ocredit

    Minimum number of other (special characters) in password
    Value
    Show

  • retry

    Number of retry attempts before erroring out
    Value
    Show

  • ucredit

    Minimum number of upper case in password
    Value
    Show

  • Set Password Hashing Algorithm

    The system's default algorithm for storing password hashes in /etc/shadow is SHA-512. This can be configured in several locations.
    Group
    Show

  • Protect Physical Console Access

    It is impossible to fully protect a system from an attacker with physical access, so securing the space in which the system is located should be co...
    Group
    Show

  • Login timeout for idle sessions

    Specify duration of allowed idle time.
    Value
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules