Guide to the Secure Configuration of Ubuntu 22.04
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SSSD certificate_verification option
Value of the certificate_verification option in the SSSD config.Value -
SSSD memcache_timeout option
Value of the memcache_timeout option in the [nss] section of SSSD config /etc/sssd/sssd.conf.Value -
SSSD ssh_known_hosts_timeout option
Value of the ssh_known_hosts_timeout option in the [ssh] section of SSSD configuration file /etc/sssd/sssd.conf.Value -
Configure SSSD to Expire Offline Credentials
SSSD should be configured to expire offline credentials after 1 day. To configure SSSD to expire offline credentials, set <code>offline_credential...Rule Medium Severity -
System Security Services Daemon (SSSD) - LDAP
The System Security Services Daemon (SSSD) is a system daemon that provides access to different identity and authentication providers such as Red H...Group -
SSSD LDAP Backend Client CA Certificate Location
Path of a directory that contains Certificate Authority certificates.Value -
USBGuard daemon
The USBGuard daemon enforces the USB device authorization policy for all USB devices.Group -
X Window System
The X Window System implementation included with the system is called X.org.Group -
Disable X Windows
Unless there is a mission-critical reason for the system to run a graphical user interface, ensure X is not set to start automatically at boot and ...Group -
Remove the X Windows Package Group
By removing the xorg-x11-server-common package, the system no longer has X Windows installed. If X Windows is not installed then the system cannot ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules