Skip to content
Log In

Guide to the Secure Configuration of Ubuntu 22.04

Rules, Groups, and Values defined within the XCCDF Benchmark

  • fail_unlock_time

    Seconds before automatic unlocking or permanently locking after excessive failed logins
    Value
    Show

  • faildelay_delay

    Delay next login attempt after a failed login
    Value
    Show

  • pwhistory_remember

    Prevent password re-use using password history lookup
    Value
    Show

  • Account Lockouts Must Be Logged

    PAM faillock locks an account due to excessive password failures, this event must be logged.
    Rule Medium Severity
    Show

  • Account Lockouts Must Persist

    By setting a `dir` in the faillock configuration account lockouts will persist across reboots.
    Rule Medium Severity
    Show

  • Limit Password Reuse

    Do not allow users to reuse recent passwords. This can be accomplished by using the remember option for the pam_unix or pam_pwhistory PAM modules.
    Rule Medium Severity
    Show

  • Account Lockouts Must Be Logged

    PAM faillock locks an account due to excessive password failures, this event must be logged.
    Rule Medium Severity
    Show

  • Set Interval For Counting Failed Password Attempts

    Utilizing <code>pam_faillock.so</code>, the <code>fail_interval</code> directive configures the system to lock out an account after a number of incorrect login attempts within a specified time peri...
    Rule Medium Severity
    Show

  • Set Password Quality Requirements

    The default <code>pam_pwquality</code> PAM module provides strength checking for passwords. It performs a number of checks, such as making sure passwords are not similar to dictionary words, are of...
    Group
    Show

  • Set Password Quality Requirements with pam_pwquality

    The <code>pam_pwquality</code> PAM module can be configured to meet requirements for a variety of policies. <br> <br> For example, to configure <code>pam_pwquality</code> to require at lea...
    Group
    Show

  • dcredit

    Minimum number of digits in password
    Value
    Show

  • dictcheck

    Prevent the use of dictionary words for passwords.
    Value
    Show

  • difok

    Minimum number of characters not present in old password
    Value
    Show

  • lcredit

    Minimum number of lower case in password
    Value
    Show

  • minclass

    Minimum number of categories of characters that must exist in a password
    Value
    Show

  • minlen

    Minimum number of characters in password
    Value
    Show

  • ocredit

    Minimum number of other (special characters) in password
    Value
    Show

  • retry

    Number of retry attempts before erroring out
    Value
    Show

  • Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters

    The pam_pwquality module's <code>lcredit</code> parameter controls requirements for usage of lowercase letters in a password. When set to a negative number, any password will be required to contain...
    Rule Medium Severity
    Show

  • Ensure PAM Enforces Password Requirements - Minimum Length

    The pam_pwquality module's <code>minlen</code> parameter controls requirements for minimum characters required in a password. Add <code>minlen=<xccdf-1.2:sub idref="xccdf_org.ssgproject.content_val...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules