Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000259-GPOS-00100
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system library directories must have mode 0755 or less permissive.
<VulnDiscussion>If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be impl...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system library files must be owned by root.
<VulnDiscussion>If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be impl...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system library directories must be owned by root.
<VulnDiscussion>If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be impl...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system library files must be group-owned by root.
<VulnDiscussion>If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be impl...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system library directories must be group-owned by root.
<VulnDiscussion>If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be impl...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must have system commands set to a mode of 0755 or less permissive.
<VulnDiscussion>If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be impl...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must have directories that contain system commands set to a mode of 0755 or less permissive.
<VulnDiscussion>If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be impl...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must have system commands owned by root.
<VulnDiscussion>If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be impl...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must have directories that contain system commands owned by root.
<VulnDiscussion>If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be impl...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must have system commands group-owned by root or a system account.
<VulnDiscussion>If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be impl...Rule Medium Severity -
SRG-OS-000259-GPOS-00100
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must have directories that contain system commands group-owned by root.
<VulnDiscussion>If the Ubuntu operating system were to allow any user to make changes to software libraries, then those changes might be impl...Rule Medium Severity -
SRG-OS-000266-GPOS-00101
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must enforce password complexity by requiring that at least one special character be used.
<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity o...Rule Low Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Ubuntu Operating system must disable the x86 Ctrl-Alt-Delete key sequence if a graphical user interface is installed.
<VulnDiscussion>A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as...Rule High Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Ubuntu Operating system must disable the x86 Ctrl-Alt-Delete key sequence.
<VulnDiscussion>A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as...Rule High Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for the use and modification of the tallylog file.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for the use and modification of faillog file.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for the use and modification of the lastlog file.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000471-GPOS-00215
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for privileged activities or other system-level access.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000472-GPOS-00217
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for the /var/log/wtmp file.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000472-GPOS-00217
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for the /var/run/utmp file.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000472-GPOS-00217
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for the /var/log/btmp file.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000476-GPOS-00221
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000476-GPOS-00221
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000476-GPOS-00221
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000476-GPOS-00221
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.