Guide to the Secure Configuration of Ubuntu 22.04
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Disable Kerberos Authentication
Unless needed, SSH should not permit extraneous or unnecessary authentication mechanisms like Kerberos. <br> The default SSH configuration disallow...Rule Medium Severity -
Disable SSH Support for .rhosts Files
SSH can emulate the behavior of the obsolete rsh command in allowing users to enable insecure access to their accounts via <code>.rhosts</code> fil...Rule Medium Severity -
Disable SSH Support for User Known Hosts
SSH can allow system users to connect to systems if a cache of the remote systems public keys is available. This should be disabled. <br><br> To e...Rule Medium Severity -
Enable Public Key Authentication
Enable SSH login with public keys. <br> The default SSH configuration enables authentication based on public keys. The appropriate configuration is...Rule Medium Severity -
Set LogLevel to INFO
The INFO parameter specifices that record login and logout activity will be logged. <br> The default SSH configuration sets the log level to INFO. ...Rule Low Severity -
Use Only Strong MACs
Limit the MACs to strong hash algorithms. The following line in <code>/etc/ssh/sshd_config</code> demonstrates use of those MACs: <pre>MACs <xccdf-...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules