Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000057-GPOS-00027
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must permit only authorized groups ownership of the audit log files.
<VulnDiscussion>Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confide...Rule Medium Severity -
SRG-OS-000059-GPOS-00029
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must be configured so that the audit log directory is not write-accessible by unauthorized users.
<VulnDiscussion>If audit information were to become compromised, then forensic analysis and discovery of the true source of potentially malic...Rule Medium Severity -
SRG-OS-000063-GPOS-00032
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must be configured so that audit configuration files are not write-accessible by unauthorized users.
<VulnDiscussion>Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel ma...Rule Medium Severity -
SRG-OS-000063-GPOS-00032
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must permit only authorized accounts to own the audit configuration files.
<VulnDiscussion>Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel ma...Rule Medium Severity -
SRG-OS-000063-GPOS-00032
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must permit only authorized groups to own the audit configuration files.
<VulnDiscussion>Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel ma...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the su command.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chfn command.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the mount command.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the umount command.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-agent command.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-keysign command.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for any use of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudo command.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudoedit command.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chsh command.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the newgrp command.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chcon command.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the apparmor_parser command.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the setfacl command.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chacl command.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for the use and modification of the tallylog file.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-OS-000064-GPOS-00033
<GroupDescription></GroupDescription>Group -
The Ubuntu operating system must generate audit records for the use and modification of faillog file.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.