Guide to the Secure Configuration of Ubuntu 20.04
Rules, Groups, and Values defined within the XCCDF Benchmark
-
faildelay_delay
Delay next login attempt after a failed loginValue -
pwhistory_remember
Prevent password re-use using password history lookupValue -
PAM pwhistory remember - control flag
'Specify the control flag required for password remember requirement. If multiple values are allowed write them separated by commas as in "required...Value -
tally2
Number of failed login attemptsValue -
Account Lockouts Must Be Logged
PAM faillock locks an account due to excessive password failures, this event must be logged.Rule Medium Severity -
Account Lockouts Must Persist
By setting a `dir` in the faillock configuration account lockouts will persist across reboots.Rule Medium Severity -
Limit Password Reuse
Do not allow users to reuse recent passwords. This can be accomplished by using the <code>remember</code> option for the <code>pam_pwhistory</code>...Rule Medium Severity -
Limit Password Reuse
Do not allow users to reuse recent passwords. This can be accomplished by using the <code>remember</code> option for the <code>pam_unix</code> or <...Rule Medium Severity -
Enforce Delay After Failed Logon Attempts
To configure the system to introduce a delay after failed logon attempts, add or correct the <code>pam_faildelay</code> settings in <code>/etc/pam....Rule Medium Severity -
Account Lockouts Must Be Logged
PAM faillock locks an account due to excessive password failures, this event must be logged.Rule Medium Severity -
Set Deny For Failed Password Attempts
The Ubuntu 20.04 operating system must lock an account after - at most - <xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idre...Rule Medium Severity -
Set Password Quality Requirements
The default <code>pam_pwquality</code> PAM module provides strength checking for passwords. It performs a number of checks, such as making sure pas...Group -
Set Password Quality Requirements, if using pam_cracklib
The <code>pam_cracklib</code> PAM module can be configured to meet requirements for a variety of policies. <br><br> For example, to configure <code...Group -
Set Password Quality Requirements with pam_pwquality
The <code>pam_pwquality</code> PAM module can be configured to meet requirements for a variety of policies. <br><br> For example, to configure <cod...Group -
dcredit
Minimum number of digits in passwordValue -
dictcheck
Prevent the use of dictionary words for passwords.Value -
difok
Minimum number of characters not present in old passwordValue -
lcredit
Minimum number of lower case in passwordValue -
maxclassrepeat
Maximum Number of Consecutive Repeating Characters in a Password From the Same Character ClassValue -
maxrepeat
Maximum Number of Consecutive Repeating Characters in a PasswordValue
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.